CVE-2008-5167

Description

PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter.

Affected products

• boonex / orca2.0 – 2.0
• boonex / orca2.0.2 – 2.0.2

References

• EXPLOIThttps://www.exploit-db.com/exploits/6282
• MISChttp://www.securityfocus.com/bid/29974
• EXPLOIThttps://www.exploit-db.com/exploits/5955
• MISChttp://securityreason.com/securityalert/4616
• VENDOR_ADVISORYhttp://secunia.com/advisories/30855