Php Remote File Include Vulnerability In Admin/ vulnerability report
vulnerabilities.aspcode.net
Phase:
PHP remote file include vulnerability in admin/config_settings.tpl.php in I-RATER Platinum allows remote attackers to execute arbitrary code via a URL in the include_path parameter. NOTE: this is a different vector, and possibly a different vulnerability, than CVE-2006-1929.
References
BUGTRAQ:Saturday, April 29, 2006 I-RATER Platinum Remote File Inclusion exploit Cod3d by R@1D3N | URL:http://www.securityfocus.com/archive/1/archive/1/432596/100/0/threaded | BUGTRAQ:Friday, April 28, 2006 [Kurdish Secure Advisory #1] I-RATER Platinum "Admin/configsettings.tpl
Votes:
Assigned (Monday, May 01, 2006)
Comments:
None (candidate not yet proposed)
F7:
Tagged as
admin/config_settingstplphp
vulnerability
include_path
parameter
attackers
arbitrary
Platinum
include
execute
I-RATER
remote
allows
code
file
PHP
via
URL