Sphider admin/configset.php settings_dir Variable Remote File Inclusion

2006-04-12T04:47:36
ID OSVDB:24586
Type osvdb
Reporter OSVDB
Modified 2006-04-12T04:47:36

Description

Technical Description

This vulnerability is only present when the allow_url_fopen PHP option is 'on' and the register_globals PHP option is 'off'.

References:

Vendor URL: http://www.cs.ioc.ee/~ando/sphider/ Secunia Advisory ID:19642 Generic Exploit URL: http://milw0rm.com/exploits/1665 FrSIRT Advisory: ADV-2006-1341 CVE-2006-1784 Bugtraq ID: 17514