CVE-2007-2900 Information

Description

Multiple PHP remote file inclusion vulnerabilities in Scallywag 2005-04-25 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to template.php in (1) skin/dark/ (2) skin/gold/ or (3) skin/original/.

Reference

http://osvdb.org/38142 http://osvdb.org/38143 http://osvdb.org/38144 http://www.vupen.com/english/advisories/2007/1933 https://exchange.xforce.ibmcloud.com/vulnerabilities/34469 https://www.exploit-db.com/exploits/3972