Gwolle Guestbook: possible remote file inclusion using abspath
Description
Using a specific parameter, a malicious user might be able to include a remote PHP file on the server, and therefore execute code.
Default
configuration
Profiles
High
Medium
Low
Internet
Action
Block
Block
Block
Block
Alarm Level
Major
Minor
Minor
Minor
References
URL:
http://seclists.org/bugtraq/2014/Nov/103
Available since
ASQ v5.0.0
Protects
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
100 last CVE
CVE-2015-8354
CVE-2015-8353
CVE-2015-8351
CVE-2015-8350
Risk level
Low
