2 matches found
CVE-2008-1862
ExBB Italia 0.22 and earlier only checks GET requests that use the QUERYSTRING for certain path manipulations, which allows remote attackers to bypass this check via 1 POST or 2 COOKIE variables, a different vector than CVE-2006-4488. NOTE: this can be leveraged to conduct PHP remote file inclusi...
CVE-2008-1862
ExBB Italia 0.22 and earlier are affected by PHP remote file inclusion vulnerabilities. The CVE-2008-1862 family describes checks on GET requests via QUERY_STRING that can be bypassed using POST or COOKIE variables, enabling RFI through URLs in the exbb[home_path] or new_exbb[home_path] parameter...