CVE-2003-1148 Information

Description

Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS Les Visiteurs 2.0.1 as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products allow remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter to (1) config.inc.php or (2) new-visitor.inc.php in common/visiteurs/include/.

Reference

http://archives.neohapsis.com/archives/bugtraq/2003-10/0262.html http://secunia.com/advisories/10079 http://securitytracker.com/id?1008011 http://securitytracker.com/id?1017065 http://www.osvdb.org/2717 http://www.osvdb.org/3586 http://www.securityfocus.com/bid/8902 https://exchange.xforce.ibmcloud.com/vulnerabilities/13529