Message-ID: <456B4F6C.2090503@francesco-laurita.info>
Date: Mon, 27 Nov 2006 21:49:48 +0100
From: Francesco Laurita <francesco@...ncesco-laurita.info>
To: philip anselmo <spoonman500@...mail.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: CuteNews v1.4.5 (search.php) Remote file include vulnerability
philip anselmo wrote:
> Vulnerable Code:
> ***************
> require_once("$cutepath/inc/functions.inc.php");
> require_once("$cutepath/data/config.php");
>
> affected file: search.php & show_news.php & show_archives.php
> ----------------------------------------------------------------------
Please mark it as bogus.
$cutepath is defined some lines above:
$cutepath = __FILE__;
Regards
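
The check behind the reply above, as an added example that is not part of the original message and is not CuteNews code: a small triage script that reports whether each variable used in an include/require path is assigned unconditionally from a trusted value earlier in the file. The function name, the verdict labels, and the `$basedir` sample are assumptions; both PHP samples are constructed, the first from the lines quoted in this thread.

```python
import re

# Include/require statement; group 1 is the path expression.
INCLUDE_RE = re.compile(r'(?<![$\w])(?:include|require)(?:_once)?\s*\(?\s*(.+?)\s*\)?\s*;')
ASSIGN_RE = re.compile(r'\s*\$([A-Za-z_]\w*)\s*=(?!=)\s*(.+?);')
VAR_RE = re.compile(r'\$([A-Za-z_]\w*)')
REQUEST_VARS = {"_GET", "_POST", "_REQUEST", "_COOKIE"}

# Constructed sample: the assignment from the reply placed above the reported lines.
REPORTED = '''<?php
$cutepath = __FILE__;
require_once("$cutepath/inc/functions.inc.php");
require_once("$cutepath/data/config.php");
'''
# Constructed counter-case (hypothetical $basedir): the assignment is conditional.
CONDITIONAL = '''<?php
if (!defined("ROOT")) {
    $basedir = __FILE__;
}
require_once("$basedir/data/config.php");
'''

def triage_includes(php_source):
    """Return (line_no, variable, verdict) for each variable in an include path.

    Line-based heuristic, not a PHP parser: only top-level assignments count
    as unconditional, and a value is trusted only if it is built from
    constants or from variables that are already trusted.
    """
    trusted = {}   # variable -> True/False after its latest top-level assignment
    depth = 0      # brace nesting; depth > 0 means the line may not execute
    findings = []
    for line_no, line in enumerate(php_source.splitlines(), 1):
        assign = ASSIGN_RE.match(line)
        if assign and depth == 0:
            rhs_vars = VAR_RE.findall(assign.group(2))
            trusted[assign.group(1)] = all(trusted.get(v) for v in rhs_vars)
        include = INCLUDE_RE.search(line)
        if include:
            for var in VAR_RE.findall(include.group(1)):
                if var in REQUEST_VARS or trusted.get(var) is False:
                    verdict = "untrusted-source"
                elif trusted.get(var):
                    verdict = "fixed-before-use"
                else:
                    verdict = "unassigned"
                findings.append((line_no, var, verdict))
        depth += line.count("{") - line.count("}")
    return findings
```

A "fixed-before-use" verdict is the situation the reply describes; "unassigned" and "untrusted-source" mean the report deserves a manual look.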