PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to novalib/class.novaEdit.mysql.php.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Tutti_nova |
Tutti_nova |
* |
1.6 |
References