newsPHP 216 - Remote File Include Vulnerability

ID EDB-ID:23057
Type exploitdb
Reporter Officerrr
Modified 2003-08-25T00:00:00


newsPHP 216 Remote File Include Vulnerability. Webapps exploit for php platform


A file include vulnerability has been reported in the nphpd.php module of newsPHP that may permit an attacker to include and execute malicious script code on a vulnerable host.

The issue is reported to exist in the LangFile variable of nphpd.php module of the software. Successful exploitation may lead to execution of arbitrary code on a vulnerable system by a remote attacker.[LangFile]=/evil/file