Multiple vulnerabilities have been identified in PHPope, which could be exploited by attackers to execute arbitrary commands. These issues are caused by input validation errors in in various (e.g. "plugins/address/admin/index.php", "plugins/im/compose.php" or "plugins/cssedit/admin/index.php") scripts when processing the "GLOBALS[config][dir][plugins]", "GLOBALS[config][dir][functions]" and "GLOBALS[config][dir][classes]" parameters, which could be exploited by remote attackers to include malicious scripts and execute arbitrary commands with the privileges of the web server.
Vulnerable Products
Vulnerable Software: PHPope version 1.0.0 and prior
