9 lines
No EOL
731 B
Text
9 lines
No EOL
731 B
Text
source: http://www.securityfocus.com/bid/22669/info
|
|
|
|
Simple Plantilla PHP is prone to multiple input-validation issues, including a local file-include vulnerability and an arbitrary file-upload vulnerability.
|
|
|
|
Attackers can exploit the local file-include vulnerability using directory-traversal strings to execute local script code in the context of the application. Attackers can exploit the arbitrary file-upload to execute malicious PHP code in the context of the webserver process.
|
|
|
|
Exploiting these issues may allow attackers to compromise the application and the underlying system or to access sensitive information; other attacks are also possible.
|
|
|
|
http://www.example.com/zadminxx/list_main_pages.php?nfolder=/etc/ |