CentiPaid centipaid_class.php class_pwd Variable Remote File Inclusion

2006-10-28T00:00:00
ID OSVDB:31638
Type osvdb
Reporter Firewall(firewall1954@hotmail.com)
Modified 2006-10-28T00:00:00

Description

Vulnerability Description

CentiPaid has been reported to contain a file inclusion vulnerability in the "class_pwd" field of centipaid_class.php. However, subsequent examination indicates that the variable is previously set and can not be manipulated by an attacker.

Solution Description

The vulnerability reported is incorrect. No solution required.

Short Description

CentiPaid has been reported to contain a file inclusion vulnerability in the "class_pwd" field of centipaid_class.php. However, subsequent examination indicates that the variable is previously set and can not be manipulated by an attacker.

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0494.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0499.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0472.html CVE-2006-6975