Description
Multiple PHP remote file inclusion vulnerabilities in DotWidget For Articles (dotwidgeta) 0.2 allow remote attackers to execute arbitrary code via a URL in the (1) file_path parameter to (a) index.php, (b) showcatpicks.php, and (c) showarticle.php; and the (2) admin_header_file and (3) admin_footer_file parameters to (d) admin/authors.php, (e) admin/index.php, (f) admin/categories.php, (g) admin/editconfig.php, and (h) admin/articles.php.
Exploits (7)
exploitdb
WRITEUP
VERIFIED
by SwEET-DeViL · text · webapps · php
https://www.exploit-db.com/exploits/28039
exploitdb
WRITEUP
VERIFIED
by SwEET-DeViL · text · webapps · php
https://www.exploit-db.com/exploits/28040
exploitdb
WRITEUP
VERIFIED
by SwEET-DeViL · text · webapps · php
https://www.exploit-db.com/exploits/28043
exploitdb
WRITEUP
VERIFIED
by SwEET-DeViL · text · webapps · php
https://www.exploit-db.com/exploits/28046
exploitdb
WRITEUP
VERIFIED
by SwEET-DeViL · text · webapps · php
https://www.exploit-db.com/exploits/28045
exploitdb
WRITEUP
VERIFIED
by SwEET-DeViL · text · webapps · php
https://www.exploit-db.com/exploits/28041
exploitdb
WRITEUP
VERIFIED
by SwEET-DeViL · text · webapps · php
https://www.exploit-db.com/exploits/28042
References (4)
Core References
Exploit mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/437483
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/2308
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/18479
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27327
Scores
EPSS
0.0406
EPSS Percentile
88.6%
Details
Status
published
Products (1)
keith_reichley/dotwidget_for_articles
0.2
Published
Feb 24, 2007
Tracked Since
Feb 18, 2026