Remote file inclusion

2010-02-2221:30:00

PRIOn knowledge base

www.prio-n.com

8.2 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.3%

JSON

PHP remote file inclusion vulnerability in includes/moderation.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the includes_directory parameter.

CPENameOperatorVersion
katalog_stron_hurricaneeq1.3.5

CPE	Name	Operator	Version
	katalog_stron_hurricane	eq	1.3.5

References

osvdb.org/62340

packetstormsecurity.org/1002-exploits/katalog-rfisql.txt

secunia.com/advisories/38581

www.exploit-db.com/exploits/11452