Description
Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) join_form.php, (11) logout.php, (12) messages_inbox.php, and many other scripts.
Remediation
References
Related Vulnerabilities
WordPress Plugin Wise Chat CSV Injection (2.8.3)
WordPress Plugin Keep Backup Daily Cross-Site Scripting (2.0.2)
WildFly Application Server Uncontrolled Resource Consumption Vulnerability (CVE-2016-9589)
SharePoint CVE-2020-16948 Vulnerability (CVE-2020-16948)
WordPress Plugin Schreikasten 'name' or 'contact' Field Cross-Site Scripting (0.14.13)