Sonium Enterprise Adressbook delete.php folder Variable Remote File Inclusion

2006-08-18T08:48:57
ID OSVDB:28033
Type osvdb
Reporter OSVDB
Modified 2006-08-18T08:48:57

Description

Manual Testing Notes

http://[target]/plugins/1_Adressbuch/delete.php?folder=[script]

References:

Vendor URL: http://www.sonium-php.de/ Secunia Advisory ID:21553 Other Advisory URL: http://www.bb-pcsecurity.de/Websecurity/342/org/Sonium_Enterprise_Adressbook_Version_0.2_(folder)_RFI.htm Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0388.html FrSIRT Advisory: ADV-2006-3334 CVE-2006-4311 Bugtraq ID: 19597