Description
PHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter.
Remediation
References
Related Vulnerabilities
Drupal Core 8.x Multiple Vulnerabilities (8.0.0 - 8.2.6)
WordPress Plugin Eventify-Simple Events 'npath' Parameter Remote File Include (1.7.g)
WordPress Plugin Style It Cross-Site Scripting (1.0)
Oracle Database Server CVE-2019-2484 Vulnerability (CVE-2019-2484)
WordPress Plugin Easy Affiliate Links Cross-Site Scripting (3.7.0)