CVE-2007-6147 Information

Description

Multiple PHP remote file inclusion vulnerabilities in IAPR COMMENCE 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the (a) php_root_path and sometimes the (b) privilege_root_path parameter to various PHP scripts under (1) admin/includes/, (2) admin/phase/, (3) includes/, (4) includes/page_includes/, (5) reviewer/includes/, (6) reviewer/phase/, and (7) user/phase/.

Reference

http://secunia.com/advisories/27788
http://www.securityfocus.com/bid/26570
https://exchange.xforce.ibmcloud.com/vulnerabilities/38641
https://www.exploit-db.com/exploits/4659
