Description
Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.13, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/login.php and (2) includes/lang/language.php, different vectors than CVE-2007-4279.
Remediation
References
Related Vulnerabilities
WordPress Plugin Custom CSS Pro Cross-Site Request Forgery (1.0.3)
Oracle JRE Other Vulnerability (CVE-2012-5085)
WordPress Plugin EWWW Image Optimizer Remote Code Execution (2.8.3)
WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.34)
Oracle Database Server CVE-2006-0267 Vulnerability (CVE-2006-0267)