vendor:
iziContents
by:
irk4z@yahoo.pl
N/A
CVSS
N/A
Remote File Inclusion (RFI), Local File Inclusion (LFI), Remote File Disclosure
CWE
Product Name: iziContents
Affected Version From: RC6
Affected Version To: RC6
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Unknown
2007
iziContents <= RC6 (RFI/LFI) Multiple Remote Vulnerabilities
The iziContents <= RC6 has multiple vulnerabilities that can lead to remote file inclusion, local file inclusion, and remote file disclosure. The RFI vulnerabilities can be exploited through various modules such as search.php, inlinepoll.php, showpoll.php, showlinks.php, and submit_links.php. The LFI vulnerabilities can be exploited through poll_summary.php and db.php. The remote file disclosure vulnerability can be exploited through tiny_mce_gzip.php.
Mitigation:
Unknown