RSS   Vulnerabilities for 'Cms s.builder'   RSS

2010-06-11
 
CVE-2009-4887

CWE-94
 

 
PHP remote file inclusion vulnerability in index.php in CMS S.Builder 3.7 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in a binn_include_path cookie. NOTE: this can also be leveraged to include and execute arbitrary local files.

 


Copyright 2024, cxsecurity.com

 

Back to Top