CVE-2008-2690 - Serbonian Heaps


Multiple PHP remote file inclusion vulnerabilities in BrowserCRM 5.002.00 when register_globals is enabled allow remote attackers to execute arbitrary PHP code via a URL in the bcrm_pub_root parameter to (1) kb.php (2) login.php (3) index.php (4) contact_view.php and (5) contact.php in pub/ different vectors than CVE-2008-2689. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.