BASE Multiple Script BASE_path Parameter Remote File Inclusion

The remote host is running BASE, a web-based tool for analyzing alerts from one or more SNORT sensors. The version of BASE installed on the remote host fails to sanitize input to the 'BASEpath' parameter before using it in PHP includeonce function in several scripts. Provided PHP's...

Limbo CMS sql.php classes_dir Parameter Remote File Inclusion

The remote host is running Limbo CMS, a content-management system written in PHP. The version of Limbo CMS installed on the remote host fails to sanitize user-supplied input to the 'classesdir' parameter of the 'classes/adodbt/sql.php' script before using it in PHP 'includeonce' functions. Provid...

AngelineCMS loadkernel.php installPath Parameter Remote File Inclusion

The remote host is running AngelineCMS, an open source content management system written in PHP. The version of AngelineCMS installed on the remote host fails to sanitize user-supplied input to the 'installPath' parameter of the '/kernel/loadkernel.php' script before using it in a PHP 'includeonc...

LinPHA 0.9.x1.0 - sec_stage_install.php Local File Inclusion

LinPHA 0.9.x1.0 - secstageinstall.php Local File Inclusion source: https://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'includeonce' PHP function in...