CVE-2008-5332 Information

Description

Multiple PHP remote file inclusion vulnerabilities in Pie 0.5.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib parameter to files in lib/action/ including (a) alias.php (b) cancel.php (c) context.php (d) deadlinks.php (e) delete.php and others; and the (2) GLOBALS[pie][library_path] parameter to files in lib/share/ including (f) diff.php (g) file.php (h) locale.php (i) mapfile.php (j) page.php and others.

Reference

http://securityreason.com/securityalert/4687 http://www.securityfocus.com/bid/32455 https://exchange.xforce.ibmcloud.com/vulnerabilities/46819 https://www.exploit-db.com/exploits/7221