Description
Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.13, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/login.php and (2) includes/lang/language.php, different vectors than CVE-2007-4279.
Remediation
References
Related Vulnerabilities
WordPress Plugin Car Rental System Cross-Site Scripting (1.3)
Oracle Database Server CVE-2009-1018 Vulnerability (CVE-2009-1018)
WordPress Plugin RSS Post Importer Unspecified Vulnerability (2.5.0)
Drupal Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-6385)
WordPress Plugin ThemeGrill Demo Importer Cross-Site Request Forgery (1.6.2)