CVE-2008-0289 Information

Description

PHP remote file inclusion vulnerability in view_func.php in Member Area System (MAS) 1.7 and possibly others allows remote attackers to execute arbitrary PHP code via a URL in the i parameter. NOTE: a second vector might exist via the l parameter. NOTE: as of 20080118 the vendor has disputed the set of affected versions stating that the issue \is already fixed for almost a year.\

Reference

http://securityreason.com/securityalert/3547 http://www.securityfocus.com/archive/1/486172/100/0/threaded http://www.securityfocus.com/archive/1/486618/100/0/threaded http://www.securityfocus.com/bid/27244 https://exchange.xforce.ibmcloud.com/vulnerabilities/39611