Remote file inclusion

2009-03-1910:30:00

PRIOn knowledge base

www.prio-n.com

7.9 High

AI Score

Confidence

Low

0.087 Low

EPSS

Percentile

94.6%

JSON

PHP remote file inclusion vulnerability in cross.php in YABSoft Mega File Hosting 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via … (dot dot) sequences.

CPENameOperatorVersion
mega_file_hosting_scripteq1.2

CPE	Name	Operator	Version
	mega_file_hosting_script	eq	1.2

References

osvdb.org/52789

secunia.com/advisories/34325

www.securityfocus.com/bid/34157

exchange.xforce.ibmcloud.com/vulnerabilities/49302

www.exploit-db.com/exploits/8230