CVE-2010-1337 Information

Description

Multiple PHP remote file inclusion vulnerabilities in definitions.php in Lussumo Vanilla 1.1.10 and possibly 0.9.2 and other versions allow remote attackers to execute arbitrary PHP code via a URL in the (1) include and (2) Configuration[‘LANGUAGE’] parameters.

Reference

http://www.packetstormsecurity.com/1003-exploits/vanilla-rfi.txt http://www.securityfocus.com/bid/38889 https://exchange.xforce.ibmcloud.com/vulnerabilities/57147