CVE-2009-0294 Information

Description

Multiple PHP remote file inclusion vulnerabilities in WB News 2.0.1 when register_globals is enabled allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) search.php (2) archive.php (3) comments.php and (4) news.php; (5) News.php (6) SendFriend.php (7) Archive.php and (8) Comments.php in base/; and possibly other components different vectors than CVE-2007-1288.

Reference

http://secunia.com/advisories/33691 http://www.securityfocus.com/archive/1/500398/100/0/threaded http://www.securityfocus.com/bid/33434