-
Secunia Advisory 22420
IncCMS Core "inc_dir" File Inclusion Vulnerability- Criticality: High
- Description: Kacper has reported a vulnerability in IncCMS Core, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "inc_dir" parameter in inc/settings.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.
- Secunia Advisory: http://secunia.com/advisories/22420/
-
Secunia Advisory 22430
French Language Pack for phpBB Prillian "phpbb_root_path" File Inclusion- Criticality: High
- Description: Ashiyane Corporation has reported some vulnerabilities in the French Language Pack for the phpBB Prillian module, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "phpbb_root_path" parameter in language/lang_french/lang_prillian_faq.php and language/lang/lang_contact_faq.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.
- Secunia Advisory: http://secunia.com/advisories/22430/
-
Secunia Advisory 22432
phpBB lat2cyr "phpbb_root_path" File Inclusion Vulnerability- Criticality: High
- Description: Ashiyane Corporation has reported a vulnerability in the lat2cyr module for phpBB, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "phpbb_root_path" parameter in lat2cyr.php is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.
- Secunia Advisory: http://secunia.com/advisories/22432/
-
Secunia Advisory 22436
ACP User Registration "phpbb_root_path" File Inclusion Vulnerability- Criticality: High
- Description: bd0rk has reported a vulnerability in the ACP User Registration module for phpBB, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "phpbb_root_path" is not properly verified before being used to include files. This can be exploited by malicious people to include arbitrary files from local or external resources.
- Secunia Advisory: http://secunia.com/advisories/22436/
-
Secunia Advisory 22437
SuperMod "sourcedir" File Inclusion Vulnerabilities- Criticality: High
- Description: sZ has discovered some vulnerabilities in SuperMod, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "sourcedir" parameter in Offline.php, Sources/Offline.php, and content/portalshow.php is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.
- Secunia Advisory: http://secunia.com/advisories/22437/
-
Secunia Advisory 22438
SpamOborona "phpbb_root_path" File Inclusion Vulnerability- Criticality: High
- Description: Ashiyane Corporation has reported a vulnerability in the SpamOborona module for phpBB, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "phpbb_root_path" parameter in admin/admin_spam.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.
- Secunia Advisory: http://secunia.com/advisories/22438/
Secunia AdvisoriesOctober 16, 2006
From Tony Bradley, CISSP-ISSAP, for About.com
Explore Internet / Network Security
Must Reads
About.com Special Features
Stay connected and entertained with reviews on tips on the latest HDTVs, cellphones and more. More >
Easy ways to connect two computers for networking purposes. More >
©2009 About.com, a part of The New York Times Company.
All rights reserved.