vendor:
MyPHP CMS
by:
Kw3[R]Ln
N/A
CVSS
N/A
Remote File Include
CWE
Product Name: MyPHP CMS
Affected Version From: 0.3
Affected Version To: 0.3
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2006
MyPHP CMS <= 0.3 (domain) Remote File Include Vulnerabilities
Variable $domain not sanitized. When register_globals=on, an attacker can exploit this vulnerability with a simple PHP injection script.
Mitigation:
Declare variable $domain
