Campsite 2.6.1 implementation/management/db_connect.php g_documentRoot Parameter Remote File Inclusion

2014-07-01T00:00:00
ID SSV:83472
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/23874/info
                                   
Campsite is prone to multiple remote file-include vulnerabilities.
                                   
Exploiting this issue allows remote attackers to execute code in the context of the webserver.
                                   
This issue affects Campsite 2.6.1. Earlier versions may also be affected.

http://www.example.com/db_connect.php?g_DocumentRoot=shell.txt?