Avatic : Security Vulnerabilities, CVEs, Published In 2006 (File inclusion)
PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIG[path] parameter, as demonstrated by including a GIF that contains PHP code.
Max CVSS
6.4
EPSS Score
3.84%
Published
2006-05-03
Updated
2017-10-19
1 vulnerabilities found