Description

Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.13, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/login.php and (2) includes/lang/language.php, different vectors than CVE-2007-4279.

Remediation

References

CVE-2007-5117

Related Vulnerabilities

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4553)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2146)

WordPress Plugin Connections Business Directory CSV Injection (9.6)

Apache Tomcat Other Vulnerability (CVE-2007-1858)

Jboss EAP CVE-2016-5018 Vulnerability (CVE-2016-5018)

Severity

Critical

Classification

CVE-2007-5117 CWE-94

Tags

Missing Update Known Vulnerabilities