CVE-2008-2877 Information

Description

PHP remote file inclusion vulnerability in admin/include/lib.module.php in cmsWorks 2.2 RC4 when register_globals is enabled allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter.

Reference

http://www.securityfocus.com/bid/29911 https://exchange.xforce.ibmcloud.com/vulnerabilities/43310 https://www.exploit-db.com/exploits/5921