Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
N/A | CWE-98 | N/A | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
N/A | High | Remote | 2006-09-02 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:4.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 0.5 | 0.75 |
On Sun, 2006-08-20 at 01:55 +0000, Outlaw (at) aria-security (dot) net [email concealed] wrote: > ######################################################################## ################### > #Aria-Security.net Advisory # > #Discovered by: O.U.T.L.A.W # > > #< www.Aria-security.net > # > #Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp # > # # > ######################################################################## ################### > > > #Software: Mambo Components ContXTD > #Attack method: Remote File Inclusion > #Source: > > ** ensure this file is being included by a parent file */ > defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' ); > > include_once( $mosConfig_absolute_path .'/includes/vcard.class.php' ); The "defined( '_VALID_MOS' ) or die" you quoted is there to prevent this. You can't define that constant from POST or GET.
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.