Description
Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6.1.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dir[plugins] parameter to (a) HTMLSax3.php and (b) safehtml.php in plugins/safehtml/ and the (2) sIncPath parameter to (c) ray/modules/global/inc/content.inc.php. NOTE: vector 1 might be a problem in SafeHTML instead of Dolphin.
Remediation
References
Related Vulnerabilities
MySQL CVE-2015-0501 Vulnerability (CVE-2015-0501)
Java Denial of Service (DoS) Vulnerability (CVE-2018-2952)
WordPress Plugin WP Fastest Cache Directory Traversal (0.8.9.5)
GlassFish CVE-2017-3249 Vulnerability (CVE-2017-3249)
WordPress Plugin Video Conferencing with Zoom Cross-Site Scripting (4.0.9)