CVE-2008-1466 Information

Description

Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php (2) create_forum.php (3) create_user.php (4) delete_notes.php (5) delete_user.php (6) edit_forum.php (7) mail_users.php (8) moderate_notes.php and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Reference

http://www.securityfocus.com/bid/28366 https://exchange.xforce.ibmcloud.com/vulnerabilities/41352