Description
Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) join_form.php, (11) logout.php, (12) messages_inbox.php, and many other scripts.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Backup and Migrate-Backup Guard Arbitrary File Upload (1.5.9)
MySQL CVE-2015-4870 Vulnerability (CVE-2015-4870)
Oracle JRE CVE-2013-2452 Vulnerability (CVE-2013-2452)
Oracle JRE CVE-2013-2436 Vulnerability (CVE-2013-2436)
WordPress Plugin WordPress Geo-CF Geo Cross-Site Scripting (7.13.11)