Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the incl_page parameter in (1) struct_admin.php, (2) struct_admin_blog.php, and (3) struct_main.php in _blogadata/include.
Software | From | Fixed in |
---|---|---|
blogator-script / blogator-script | - | 1.00.x |
blogator-script / blogator-script | 0.90 | 0.90.x |
blogator-script / blogator-script | 0.91 | 0.91.x |
blogator-script / blogator-script | 0.92 | 0.92.x |
blogator-script / blogator-script | 0.93 | 0.93.x |
blogator-script / blogator-script | 0.95 | 0.95.x |