PHP remote file inclusion vulnerability in misc/function.php3 in PHP Generator of Object SQL Database (PGOSD), when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

Directory traversal vulnerability in editor.php in Network Weathermap 0.97c and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the mapname parameter in a show_config action.