CVE-2007-2260 Information

Description

Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the bibtexrootrel parameter to (1) unavailable.php (2) source.php (3) log.php (4) latex.php (5) indexinfo.php (6) index.php (7) importinfo.php (8) import.php (9) examplefile.php (10) clearinfo.php (11) clear.php (12) aboutinfo.php (13) about.php and other unspecified files.

Reference

http://osvdb.org/35621 http://osvdb.org/35622 http://osvdb.org/35623 http://osvdb.org/35624 http://osvdb.org/35625 http://osvdb.org/35626 http://osvdb.org/35627 http://osvdb.org/35628 http://osvdb.org/35629 http://osvdb.org/35630 http://osvdb.org/35631 http://osvdb.org/35632 http://osvdb.org/35633 http://securityreason.com/securityalert/2624 http://www.securityfocus.com/archive/1/466683/100/0/threaded