PpalCart参数远程文件包含漏洞

PpalCart是一款基于PHP的电子购物程序。 PpalCart不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是由于'index.php'和'mainpage.php'脚本对用户提交的'proMod'和'docroot'参数缺少过滤，提交恶意的远程服务器作为包含对象，可导致以WEB进程权限执行任意PHP代码。 ppalCart ppalCart 2.5 EE 目前没有解决方案提供,请关注以下链接： http://www.profitcode.com/...

ppalCart V(2.5 EE) Remote File Inclusion

+-------------------------------------------------------------------- + + ppalCart V2.5 EE Remote File Inclusion + +------------------------------------------------------------------- + + Affected Software .: Software + Version .............: ppalCart 2.5 EE + Venedor ...........:...

ppalCart.txt

+-------------------------------------------------------------------- + + ppalCart V2.5 EE Remote File Inclusion + +------------------------------------------------------------------- + + Affected Software .: Software + Version .............: ppalCart 2.5 EE + Venedor ...........:...

CVE-2006-4672

Summary (CVE-2006-4672): A PHP remote file inclusion vulnerability exists in profitCode ppalCart 2.5 EE, potentially part of PayProCart. An attacker can cause arbitrary PHP code execution by supplying a URL in the (1) proMod parameter to index.php, or the (2) docroot parameter to index.php or mai...

CVE-2006-4672

PHP remote file inclusion vulnerability in profitCode ppalCart 2.5 EE, possibly a component of PayProCart, allows remote attackers to execute arbitrary PHP code via a URL in the 1 proMod parameter to a index.php, or the 2 docroot parameter to b index.php or c mainpage.php...