
4 matches found

exploitpack
added 2009/03/23 12:0 a.m., 1119 views

PHPizabi 0.848b C1 HFP1-3 - Remote Command Execution

#!/usr/bin/php <?php /* Found this after getting my inet back and noticing this http://www.milw0rm.com/exploits/6085 . The only problem with the remote command execution there is that it actually requires register_globals = on. I saw the GLOBAL...

CVSS 9.3, AI score 6.9, EPSS 0.05165
Exploits 7
Prion
added 2008/08/20 4:41 p.m., 93 views

Directory traversal

Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 HFP3 allows remote authenticated administrators to read arbitrary files via (1) a .. (dot dot), (2) a URL, or possibly (3) a full pathname in the id parameter in an admin.templates.edittemplate action. NOTE: some of these details are...

CVSS 6.3, AI score 7.2, EPSS 0.03928
Exploits 1, References 5, Affected Software 1
Prion
added 2008/04/30 1:7 a.m., 105 views

Code injection

The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '' and '' characters, which allows remote authenticated users to obtain sensitive information via a comment containing a macro, as demonstrated by a "user.password"...

CVSS 4, AI score 6.2, EPSS 0.02156
Exploits 0, References 3, Affected Software 1
Prion
added 2008/02/19 12:0 a.m., 35 views

Unrestricted file upload

Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures...

CVSS 9.3, AI score 8.2, EPSS 0.05194
Exploits 0, References 3, Affected Software 1