CVE-2007-0561 Information

Description

Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) admin_linkdb.php (2) admin_forum_prune.php (3) admin_extensions.php (4) admin_board.php (5) admin_attachments.php or (6) admin_users.php in admin/.

Reference

http://osvdb.org/31634 http://osvdb.org/31977 http://osvdb.org/31978 http://osvdb.org/31979 http://osvdb.org/31980 http://osvdb.org/31981 http://secunia.com/advisories/23952 http://www.securityfocus.com/archive/1/458059/100/0/threaded http://www.securityfocus.com/bid/22227 http://www.vupen.com/english/advisories/2007/0338 https://exchange.xforce.ibmcloud.com/vulnerabilities/31767 https://www.exploit-db.com/exploits/3192