Multiple vulnerabilities have been identified in Friendly, which could be exploited by attackers to execute arbitrary commands. These issues are caused by input validation errors in the "_friendly/core/data/_load.php", "_friendly/core/data/yaml.inc.php", "_friendly/core/display/_load.php" and "_friendly/core/support/_load.php" scripts when processing the "friendly_path" parameter, which could be exploited by remote attackers to include malicious scripts and execute arbitrary commands with the privileges of the web server.
Vulnerable Products
Vulnerable Software: Friendly version 1.0d1 and prior
