CVE-2016-20078 | Henrique Dias IMDb Profile Widget 1.0.8 pic.php url filename control (Exploit 39621 / EDB-39621)

A vulnerability identified as problematic has been detected in Henrique Dias IMDb Profile Widget 1.0.8. Affected is an unknown function of the file pic.php. This manipulation of the argument url causes improper control of filename for include/require statement in php program (‘php remote file inclusion’). This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability is tracked as CVE-2016-20078. The attack is possible to be carried out remotely. Moreover, an exploit is present.VulDB Recent EntriesRead More