XRMS 1.99.2 (RFI/XSS/IG) Multiple Remote Vulnerabilities

Vulnerability ID 1052590 Vulnerability type
Published 2008-08-02 Updated 2008-08-02
CVE ID CVE-2008-3398
CVE-2008-3399
CVE-2008-3400
CNNVD-ID N/A
Platform N/A CVSS score N/A
|Source
https://cxsecurity.com/issue/WLB-2008080093
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit
##############################################################

XRMS Multiple Vulnerabilities (ZeroDay at 25-07-2008)

Author: AzzCoder [azzcoder (at) hotmail (dot) com]

Product: http://www.xrms.org/

Product Type: CRM

Thanks: coresecurity.com

Remote File Inclusion

File: activities/workflow-activities.php

Variable: $include_directory

Required register_globals: Yes

XSS

Multiple Files

Variable: $msg

Quote limitations: Yes

Information Gathering

tests/info.php

phpinfo() call

##############################################################

# milw0rm.com [2008-07-25]