Description
Multiple PHP remote file inclusion vulnerabilities in awrate 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to (1) 404.php or (2) topbar.php, different vectors than CVE-2006-6368.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26336
Various Sources x_refsource_misc
http://arfis.wordpress.com/2007/09/13/rfi-02-awratecom-message-board/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/45528
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/45529
Scores
EPSS
0.0123
EPSS Percentile
65.3%
Details
CWE
CWE-94
Status
published
Products (1)
awrate/awrate
1.0
Published
Oct 19, 2007
Tracked Since
Feb 18, 2026