CVE-2007-0986 Information

Description

PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 when PHP 5.0.0 or later is used allows remote attackers to execute arbitrary PHP code via an ftp URL in the n parameter.

Reference

http://mgsdl.free.fr/advisories/12070214.txt http://osvdb.org/33730 http://www.acid-root.new.fr/advisories/12070214.txt http://www.securityfocus.com/archive/1/460076/100/0/threaded http://www.securityfocus.com/archive/1/460100/100/0/threaded http://www.securityfocus.com/bid/22560 https://exchange.xforce.ibmcloud.com/vulnerabilities/32519 https://www.exploit-db.com/exploits/3309 Successful exploitation requires that \magic_quotes_gpc
is disabled and that \allow_url_fopen
is enabled.