CVE-2004-1427 - Distended Trims


PHP remote file inclusion vulnerability in in KorWeblog 1.6.2-cvs and earlier allows remote attackers to execute arbitrary PHP code by modifying the G_PATH parameter to reference a URL on a remote web server that contains the code as demonstrated in index.php when using .. (dot dot) sequences in the lng parameter to cause to be loaded.