Description
Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.13, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/login.php and (2) includes/lang/language.php, different vectors than CVE-2007-4279.
Remediation
References
Related Vulnerabilities
Apache Tomcat Cryptographic Issues Vulnerability (CVE-2011-5064)
TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-0815)
Drupal CVE-2008-4793 Vulnerability (CVE-2008-4793)
Oracle JRE CVE-2024-20952 Vulnerability (CVE-2024-20952)
WordPress Plugin Crafty Social Buttons Cross-Site Scripting (1.5.6)