Description
In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution.
Remediation
References
Related Vulnerabilities
TYPO3 Session Fixation Vulnerability (CVE-2010-3671)
PHP Other Vulnerability (CVE-2007-1887)
ownCloud Other Vulnerability (CVE-2012-5057)
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2717)
WordPress Plugin Plugmatter Optin Feature Box Multiple SQL Injection Vulnerabilities (2.0.13)