PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier allows remote attackers to execute arbitrary PHP code via the (1) config[header] parameter to hotnews-engine.inc.php3 or (2) config[incdir] parameter to hnmain.inc.php3.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Hotnews | Hotnews | 0.5.3 (including) | 0.5.3 (including) |
Hotnews | Hotnews | 0.6.0 (including) | 0.6.0 (including) |
Hotnews | Hotnews | 0.6.0_pre (including) | 0.6.0_pre (including) |
Hotnews | Hotnews | 0.6.1 (including) | 0.6.1 (including) |
Hotnews | Hotnews | 0.7.0 (including) | 0.7.0 (including) |
Hotnews | Hotnews | 0.7.1 (including) | 0.7.1 (including) |
Hotnews | Hotnews | 0.7.2 (including) | 0.7.2 (including) |