CVE-2010-0367

Description

Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits Video Script 2.05 Gold Beta, and possibly 2.04, allow remote attackers to execute arbitrary PHP code via a URL in the rowptem[template] parameter to (1) showcasesearch.php and (2) showcase2search.php.

Affected products

• bitscripts / bits_video_script2.04 – 2.04
• bitscripts / bits_video_script2.05 – 2.05

References

• EXPLOIThttp://www.packetstormsecurity.com/1001-exploits/bitsvs-xssuploadrfi.txt
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/55740