5 matches found
frontaccounting 1.12 build 31 - Remote File Inclusion Vulnerability
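0x01 Vulnerability Overview: A PHP remote file inclusion vulnerability exists in config.php of FrontAccounting 1.12 Build 31. A remote attacker can execute arbitrary PHP code via a URL in the pathtoroot parameter. 0x02 Vulnerability Analysis: The vulnerable code is located in config.php, as shown below: include_once $pathtoroot . "/configdb.php"; include_once $pathtoroot . "/includes/lang/language.php"; The $pathtoroot parameter is not handled correctly, which gives rise to the file inclusion vulnerability. 0x03 Exploitation...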
YACS CMS 8.11 update_trailer.php Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications. YACS CMS 8.11 update_trailer.php Remote File Inclusion Vulnerability. remote file...
PT-2007-6241 · Frontaccounting · Frontaccounting
Multiple PHP remote file inclusion vulnerabilities in FrontAccounting FA 1.12 allow remote attackers to execute arbitrary PHP code via a URL in the path to root parameter to (1) access/logout.php or certain PHP scripts under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, (7)...
PT-2007-5470 · Frontaccounting · Frontaccounting
Name of the Vulnerable Software and Affected Versions: FrontAccounting version 1.12 Build 31 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the path to root parameter in the config.php file. Recommendations: For FrontAccounting version 1.12 Build 31,...
PT-2006-5352 · Yacs · Yacs Cms
Name of the Vulnerable Software and Affected Versions: YACS CMS version 6.6.1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the contextpath to root parameter in several PHP files, including "articles/populate.php", "categories/category.php",...