Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Dcp-portal | Codeworx_technologies | se_6.0 (including) | se_6.0 (including) |