Description

Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.13, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/login.php and (2) includes/lang/language.php, different vectors than CVE-2007-4279.

Remediation

References

CVE-2007-5117

Related Vulnerabilities

ColdFusion CFC Deserialization RCE (CVE-2023-26359/CVE-2023-26360)

WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce Cross-Site Scripting (4.1.6)

IBMHttpServer Improper Input Validation Vulnerability (CVE-2023-26281)

MySQL CVE-2019-2784 Vulnerability (CVE-2019-2784)

WordPress Plugin User Access Manager Unspecified Vulnerability (1.2.6.9)

Severity

Critical

Classification

CVE-2007-5117 CWE-94

Tags

Missing Update Known Vulnerabilities