• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

VBPortal BBVBPLang Parameter Local File inclusion Vulnerability

vbPortal is prone to a local file-include vulnerability.

An attacker can exploit this issue to include arbitrary local files and execute PHP code on the affected computer in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

vbPortal versions 3.0.2 to 3.6.0 are vulnerable; other versions may also be affected.