PHP remote file inclusion vulnerability in index.php in CMS S.Builder 3.7 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in a binn_include_path cookie. NOTE: this can also be leveraged to include and execute arbitrary local files.
References
Configurations
History
No history.
Information
Published : 2010-06-11 14:30
Updated : 2024-02-28 11:41
NVD link : CVE-2009-4887
Mitre link : CVE-2009-4887
CVE.ORG link : CVE-2009-4887
JSON object : View
Products Affected
sbuilder
- cms_s.builder
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')