Description
PHP remote file inclusion vulnerability in index.php in All4WWW-Homepagecreator 1.0a allows remote attackers to execute arbitrary PHP code by modifying the site parameter to reference a URL on a remote web server that contains the code.
Affected products
- all4www / all4www-homepagecreator1.0a – 1.0a
References
- VENDOR_ADVISORYhttp://secunia.com/advisories/14972
- MAILING_LISThttp://marc.info/?l=bugtraq&m=111350434925520&w=2
- MISChttp://www.securityfocus.com/bid/13169