CVE-2007-4329 Information

Description

Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php (2) news.php or (3) feed.php.

Reference

http://osvdb.org/36427 http://osvdb.org/36428 http://osvdb.org/36429 http://secunia.com/advisories/26398 http://securityreason.com/securityalert/2998 http://www.securityfocus.com/archive/1/475956/100/0/threaded http://www.securityfocus.com/bid/25257 http://www.vupen.com/english/advisories/2007/2839 https://exchange.xforce.ibmcloud.com/vulnerabilities/35925