Description

PHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter.

Remediation

References

CVE-2007-4279

Related Vulnerabilities

Drupal Core 8.x Multiple Vulnerabilities (8.0.0 - 8.2.6)

WordPress Plugin Eventify-Simple Events 'npath' Parameter Remote File Include (1.7.g)

WordPress Plugin Style It Cross-Site Scripting (1.0)

Oracle Database Server CVE-2019-2484 Vulnerability (CVE-2019-2484)

WordPress Plugin Easy Affiliate Links Cross-Site Scripting (3.7.0)

Severity

High

Classification

CVE-2007-4279

Tags

Missing Update Known Vulnerabilities