Multiple vulnerabilities have been identified in RSSonate, which could be exploited by attackers to execute arbitrary commands. These flaws are due to input validation errors in various scripts (e.g. "getFeed/inc/xml2rss.php" and "getFeed/inc/sql2xml.php") that do not validate the "PROJECT_ROOT" parameter, which could be exploited by remote attackers to include malicious scripts and execute arbitrary commands with the privileges of the web server.
