CVE-2006-4987 Information

Description

Multiple PHP remote file inclusion vulnerabilities in Patrick Michaelis Wili-CMS allow remote attackers to execute arbitrary PHP code via a URL in the globals[content_dir] parameter in (1) example-view/templates/article.php (2) example-view/templates/root.php and (3) example-view/templates/dates_list.php.

Reference

http://securityreason.com/securityalert/1633 http://www.securityfocus.com/archive/1/446575/100/0/threaded http://www.securityfocus.com/bid/20134 https://exchange.xforce.ibmcloud.com/vulnerabilities/29101