Headline Portal Engine HPEInc Parameter Multiple Remote File Include Vulnerabilities

Headline Portal Engine HPEInc Parameter Multiple Remote File Include Vulnerabilities

Multiple remote file-include vulnerabilities affect HPE because the application fails to properly sanitize user-supplied input before using it in a PHP 'include()' function call.

An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process.

These issues affect versions 1.0, 0.7.0, 0.6.5, and 0.6.1; other versions may also be vulnerable.