PHP remote file inclusion vulnerability in system/funcs/xkurl.php in xKiosk WEB 3.0.1i, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PEARPATH parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 83.2%