2 matches found
CVE-2007-5097
The vulnerability concerns Online Fantasy Football League (OFFL) version 0.2.6. It is a PHP remote file inclusion in lib/classes/offl_nflteam.php triggered via a URL parameter (DOC_ROOT), which could allow an attacker to execute arbitrary PHP code on the server. The issue is noted as disputed by ...
CVE-2007-4809
Summary : OFFL 0.2.6 (Online Fantasy Football League) contains multiple PHP remote file inclusion vulnerabilities that allow an attacker to craft a URL via the DOC_ROOT parameter to include files (lib/functions.php or lib/header.php), resulting in arbitrary PHP code execution under the web server...