PHP remote file inclusion vulnerability in admin/templates/template_thumbnail.php in HomePH Design 2.10 RC2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the thumb_template parameter.
Software | From | Fixed in |
---|---|---|
homeph_design / homeph_design | 2.10-rc2 | 2.10-rc2.x |