CVE-2008-7183 Information

Description

PHP remote file inclusion vulnerability in eva/index.php in EVA CMS 2.3.1 when register_globals is enabled allows remote attackers to execute arbitrary PHP code via a URL in the eva[caminho] parameter to index.php.

Reference

http://packetstorm.linuxsecurity.com/0806-exploits/evacms-rfi.txt http://www.securityfocus.com/bid/29954 https://exchange.xforce.ibmcloud.com/vulnerabilities/43437