Description
PHP remote file inclusion vulnerability in akarru.gui/main_content.php in Akarru Social BookMarking Engine 0.4.3.34 and earlier, and possibly 0.4.4.120, allows remote attackers to execute arbitrary PHP code via a URL in the bm_content parameter.
Affected products
- akarru / social_bookmarking_engine0.4.3.2 – 0.4.3.2
- akarru / social_bookmarking_engine0.4.3.3 – 0.4.3.3
- akarru / social_bookmarking_engine0.4.3.34 – 0.4.3.34
- akarru / social_bookmarking_engine0.4.4.120 – 0.4.4.120
References
- MISChttp://securityreason.com/securityalert/1543
- MISChttp://www.securityfocus.com/bid/19870
- MISChttp://www.securityfocus.com/archive/1/445605/100/0/threaded
- VENDOR_ADVISORYhttp://secunia.com/advisories/21784
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/3491
- EXPLOIThttps://www.exploit-db.com/exploits/2315
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/28760