Looking for a PHP/mySQL developer to upgrade three existing DreamAccount php modules to correct exploits from remote file include vulnerability. The php scripts which need to be updated are [url removed, login to view], [url removed, login to view] and
auth.sessions.inc.php. Input passed to the "da_path" parameter in "auth.cookie.inc.php", "auth.header.inc.php" and
"auth.sessions.inc.php" is not properly verified, before it is used to include files. This can be exploited to execute arbitrary code by including files from external resources.
Would prefer someone experienced with DreamAccount if possible.