CVE-2004-2010 - Spumous Passbooks

Description

PHP remote file inclusion vulnerability in index.php in phpShop 0.7.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the base_dir parameter to reference a URL on a remote web server that contains phpshop.cfg.

Reference

http://www.fribble.net/advisories/phpshop_29-04-04.txt http://www.securityfocus.com/bid/10313 http://secunia.com/advisories/11587 http://marc.info/?l=bugtraq&m=108420702317870&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/16107