Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the incl_page parameter in (1) struct_admin.php, (2) struct_admin_blog.php, and (3) struct_main.php in _blogadata/include.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| blogator-script | blogator-script | 0.93 |
| blogator-script | blogator-script | 0.95 |
| blogator-script | blogator-script | * |
| blogator-script | blogator-script | 0.92 |
| blogator-script | blogator-script | 0.90 |
| blogator-script | blogator-script | 0.91 |