CVE-2007-3066 Information

Description

Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1.2.7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter to (1) view.inc.php (2) users.inc.php (3) updatecms.inc.php and (4) polls.inc.php in inc/; and other unspecified files different vectors than CVE-2006-3983.

Reference

http://osvdb.org/38375 http://osvdb.org/38376 http://osvdb.org/38377 http://osvdb.org/38378 http://securityreason.com/securityalert/2773 http://www.securityfocus.com/archive/1/470241/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/34674