PHP remote file inclusion vulnerability in Ottoman 1.1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the default_path parameter in (1) error.php, (2) index.php, and (3) classes/main_class.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ottoman | ottoman | 1.1.2 |