• info
• discussion
• exploit
• solution
• references

Aztek Forum Multiple Input Validation Vulnerabilities

Aztek Forum is prone to multiple input-validation vulnerabilities, including multiple variable-overwrite vulnerabilities, a filter-bypass vulnerability, an SQL-injection vulnerability, and a remote file-include vulnerability.

A successful exploit may allow an attacker to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database implementation, include and execute arbitrary remote files that may contain malicious PHP code within the context of the webserver, overwrite arbitrary variables, and bypass filtering mechanisms.

This issue affects version 4.0; other versions may also be affected.