WoWRoster 1.5.x and earlier - Remote File Inclusion via hsList.php subdir Parameter
PHP remote file inclusion vulnerability in hsList.php in WoWRoster (aka World of Warcraft Roster) 1.5.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter.
WoWRoster 1.5.1 - Remote File Inclusion via conf.php subdir Parameter
PHP remote file inclusion vulnerability in conf.php in WoWRoster (aka World of Warcraft Roster) 1.5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter.