AzzCoder => phpBB XS 0.58 Remote File Include

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AzzCoder => phpBB XS 0.58 Remote File Include

Subject: AzzCoder => phpBB XS 0.58 Remote File Include
Date: 12 Sep 2006 00:35:44 -0000
From: suppressed

A important vulnerability into functions.php will allow a malicious user to insert a remote file.

The Vulnerable Code:

include_once( $phpbb_root_path . './includes/functions_categories_hierarchy.' . $phpEx );

(The phpbb_root_path isn't initialize and PHPBB_IN isn't checked)

Prev by Date: WTools v0.0.1-ALPH - Remote File Include Vulnerabilities
Next by Date: LedgerSMB 1.0.0 and SQL-Ledger 2.6.18 and earler arbitrary code execution
Previous by thread: WTools v0.0.1-ALPH - Remote File Include Vulnerabilities
Next by thread: LedgerSMB 1.0.0 and SQL-Ledger 2.6.18 and earler arbitrary code execution
Index(es):
- Date
- Thread

Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.