Multiple vulnerabilities have been identified in awzMB, which could be exploited by attackers to execute arbitrary commands. These issues are caused by input validation errors in various scripts (e.g. "awzmb/adminhelp.php" and "awzmb/modules/admin.incl.php") when processing the "Setting[OPT_includepath]" parameter, which could be exploited by remote attackers to include malicious scripts and execute arbitrary commands with the privileges of the web server.
Vulnerable Products
Vulnerable Software: awzMB version 4.2 beta 1 and prior
