Multiple vulnerabilities have been identified in Jinzora, which could be exploited by attackers to execute arbitrary commands. These flaws are due to input validation errors in the "popup.php", "rss.php", "ajax_request.php", and "mediabroadcast.php" scripts when processing the "include_path" parameter, which could be exploited by remote attackers to include malicious scripts and execute arbitrary commands with the privileges of the web server.
Vulnerable Products
Vulnerable Software: Jinzora version 2.7 and prior
