Multiple PHP remote file inclusion vulnerabilities in phpWebSite 0.10.2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPWS_SOURCE_DIR parameter in (1) init.php, (2) users.php, (3) Cookie.php, (4) forms.php, (5) Groups.php, (6) ModSetting.php, (7) Calendar.php, (8) DateTime.php, (9) core.php, (10) ImgLibrary.php, (11) Manager.php, and (12) Template.php, and (13) EZform.php. NOTE: CVE disputes this report, since PHPWS_SOURCE_DIR is defined as a constant, not accessed as a variable
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Phpwebsite | Phpwebsite | 0.10.2 (including) | 0.10.2 (including) |