[原文]PHP remote file inclusion vulnerability in CaLogic 1.2.2 allows remote attackers to execute arbitrary code via the CLPATH parameter to (1) cl_minical.php, (2) clmcpreload.php, (3) mcconfig.php, or (4) mcpi-demo.php.
CaLogic contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to cl_minical.php not properly sanitizing user input supplied to the CLPATH variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
Upgrade to version 1.2.2 (2005-07-19) or higher, as it has been reported to fix this vulnerability. Note that this flaw was fixed in the 2005-07-19 release without a change in version number, and no other versions contain the fix. An upgrade is required as there are no known workarounds.