Multiple vulnerabilities have been identified in AROUNDMe, which could be exploited by attackers to execute arbitrary commands. These issues are due to input validation errors in the "components/core/inc/core_profile.header.php", "components/core/template/barnraiser_01/maint_contact_view.tpl.php", and "components/core/template/barnraiser_01/default.tpl.php" scripts when processing the "language_path_core", "template_path_core" and "template_path" parameters, which could be exploited by remote attackers to include malicious scripts and execute arbitrary commands with the privileges of the web server.
Vulnerable Products
Vulnerable Software: AROUNDMe version 0.7.7 and prior
