CVE-2008-1124 Information

Feb 14, 2021 cve

Description

Multiple PHP remote file inclusion vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absoluteurl parameter to (1) components/xmlparser/loadparser.php; (2) admin.php (3) categories.php (4) categories_add.php (5) categories_remove.php (6) edit.php (7) editdel.php (8) ftpfeature.php (9) login.php (10) pgRSSnews.php (11) showcat.php and (12) upload.php in core/admin/; and (13) archive_cat.php (14) archive_nocat.php and (15) recent_list.php in core/.

Reference

http://www.securityfocus.com/bid/28038 https://www.exploit-db.com/exploits/5200 Multiple PHP remote file inclusion vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absoluteurl parameter to (1) components/xmlparser/loadparser.php; (2) admin.php (3) categories.php (4) categories_add.php (5) categories_remove.php (6) edit.php (7) editdel.php (8) ftpfeature.php (9) login.php (10) pgRSSnews.php (11) showcat.php and (12) upload.php in core/admin/; and (13) archive_cat.php (14) archive_nocat.php and (15) recent_list.php in core/.

Share on: