Dark Hart Portal (darkportal) PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Darkportal-unix | Dark_hart_portal | 0.1.16 (including) | 0.1.16 (including) |
| Darkportal-unix | Dark_hart_portal | 0.1.17 (including) | 0.1.17 (including) |
| Darkportal-unix | Dark_hart_portal | 0.1.18 (including) | 0.1.18 (including) |
References
- http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
- http://sourceforge.net/tracker/index.php?func=detail\u0026aid=440666\u0026group_id=20971\u0026atid=120971
- http://www.securityfocus.com/bid/3390
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7215
- http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
- http://sourceforge.net/tracker/index.php?func=detail\u0026aid=440666\u0026group_id=20971\u0026atid=120971
- http://www.securityfocus.com/bid/3390
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7215