This indicates multiple file inclusion vulnerabilities in AroundMe. They are due to input validation errors in the "components/core/inc/core_profile.header.php", "components/core/template/barnraiser_01/maint_contact_view.tpl.php", and "components/core/template/barnraiser_01/default.tpl.php" scripts when processing the "language_path_core", "template_path_core" and "template_path" parameters. The vulnerabilities allow remote attackers to include malicious scripts and execute arbitrary commands with the privileges of the web server.
AROUNDMe version 0.7.7 and prior.
Currently we are not aware of any official supplied fix for issue.
Vendor's web site:http://www.barnraiser.org/