PHPMyDesktop/Arcade 1.0 - 'index.php' Local File Inclusion

Author: darkgod
type: webapps
platform: php
port: 
date_added: 2006-05-31 
date_updated: 2013-08-29 
verified: 1 
codes: CVE-2006-2747;OSVDB-25934 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/18185/info

phpMyDesktop|arcade is prone to a local file-include vulnerability. This may allow unauthorized users to view files and to execute local scripts.

An attacker may also be able to execute arbitrary code by way of uploaded images.

http://www.example.com/index.php?todo=showsubsite&subsite=[file]%00