• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

ISPConfig Session.INC.PHP Remote File Include Vulnerability

Solution:
The vendor reports that this issue is not exploitable on default configurations of the application, because the vulnerable file is not in the web root. However, the vendor has released an advisory to address this issue for situations where the vulnerable file is accessible remotely. An update is pending. Please contact the vendor for more information.