CVE-2008-1416 Information

Description

Multiple PHP remote file inclusion vulnerabilities in PHPauction GPL 2.51 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) converter.inc.php (2) messages.inc.php and (3) settings.inc.php in includes/.

Reference

http://secunia.com/advisories/29422 http://www.securityfocus.com/bid/28284 http://www.vupen.com/english/advisories/2008/0908/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41239 https://www.exploit-db.com/exploits/5266