CVE-2007-4636 Information

Description

Multiple PHP remote file inclusion vulnerabilities in phpBG 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to (1) intern/admin/other/backup.php (2) intern/admin/ (3) intern/clan/member_add.php (4) intern/config/key_2.php or (5) intern/config/forum.php.

Reference

http://osvdb.org/38429 http://osvdb.org/38430 http://osvdb.org/38431 http://osvdb.org/38432 http://osvdb.org/38433 http://www.securityfocus.com/bid/25486 https://exchange.xforce.ibmcloud.com/vulnerabilities/36348 https://www.exploit-db.com/exploits/4340