BugTraq
MAXDEV CMS Multiple vulnerabilities
Apr 06 2006 06:02PM
king_purba yahoo co uk
Full Path disclosure
---------------------
This hole is caused by unprotected direct access to the file includes/legacy.php.
PoC :
http://site.co.id/maxdev/includes/legacy.php
Fix :
Turning off display_errors in php.ini can fix this security issue.
Blind SQL injection
-------------------
This hole is caused b...