vendor:
PowerBook
by:
Digital Security Research Group [DSecRG]
7.5
CVSS
HIGH
Local File Include
98
CWE
Product Name: PowerBook
Affected Version From: 1.21
Affected Version To: 1.21
Patch Exists: NO
Related CWE: N/A
CPE: a:powerscripts:powerbook
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
[DSECRG-08-019] Digital Security Research Group [DSecRG] Advisory
Local File Include vulnerability found in script pb_inc/admincenter/index.php Non-authentication user can directly access to this script. To exploit this vulnerability REGISTER_GLOBALS option must be ON in php config file.
Mitigation:
Disable the REGISTER_GLOBALS option in php config file.