RETIRED: Esvon Classifieds Remote Command Execution and Remote File Include Vulnerabilities

Esvon Classifieds is prone to a remote command-execution vulnerability and multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these issues to execute arbitrary commands, obtain potentially sensitive information and execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

RETIRED: This BID is retired; following further analysis, these issues are not exploitable as described.


 

Privacy Statement
Copyright 2010, SecurityFocus