AzzCoder => phpBB XS 0.58 Remote File Include Sep 12 2006 12:35AM
azzcoder hotmail com
A important vulnerability into functions.php will allow a malicious user to insert a remote file.

The Vulnerable Code:

include_once( $phpbb_root_path . './includes/functions_categories_hierarchy.' . $phpEx );

(The phpbb_root_path isn't initialize and PHPBB_IN isn't checked)

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus