PHP remote file inclusion vulnerability in phpDocumentor 1.3.0 rc4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary code via a URL in the (1) FORUM[LIB] parameter in Documentation/tests/bug-559668.php and (2) the root_dir parameter in docbuilder/file_dialog.php.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Phpdocumentor | Joshua_eichorn | 1.2.3 | 1.2.3 |
Phpdocumentor | Joshua_eichorn | 1.2.2 | 1.2.2 |
Phpdocumentor | Joshua_eichorn | 1.2 | 1.2 |
Phpdocumentor | Joshua_eichorn | 1.2.1 | 1.2.1 |
Phpdocumentor | Joshua_eichorn | 1.3_rc3 | 1.3_rc3 |
Phpdocumentor | Joshua_eichorn | 1.3_rc4 | 1.3_rc4 |