PHP remote file inclusion vulnerability in openi-admin/base/fileloader.php in OPENi-CMS 1.0.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the config[openi_dir] parameter. Successful exploitation requires that "register_globals" is enabled.
Publication date: Thu, 14 Sep 2006 03:07:00 +0000