CVE-2009-3331 Information

Description

Multiple PHP remote file inclusion vulnerabilities in DDL CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the wwwRoot parameter to (1) header.php (2) submit.php (3) submitted.php and (4) autosubmitter/index.php.

Reference

http://www.exploit-db.com/exploits/9722 https://exchange.xforce.ibmcloud.com/vulnerabilities/53373