SPiD 1.3.1 - 'Scan_Lang_Insert.php' Local File Inclusion
| EKU-ID: 32603 | CVE: CVE-2006-0976;OSVDB-23522 | OSVDB-ID: |
| Author: NSA Group | Published: 2006-02-25 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 32603 | CVE: CVE-2006-0976;OSVDB-23522 | OSVDB-ID: |
| Author: NSA Group | Published: 2006-02-25 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/16822/info SPiD is prone to a local file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of this issue may facilitate the unauthorized viewing of files and execution of local scripts. http://www.example.com/spiddir/scan_lang_insert.php?lang=../../../../../../../../etc/passwd%00