Zone-H.org - Unrestricted Information - File Inclusion Vulnerability in Ad Manager Pro

File Inclusion Vulnerability in Ad Manager Pro

Wednesday, 21 June 2006

Basti has reported a vulnerability in Ad Manager Pro, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "ipath" parameter in common.php isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from external and local resources.

The vulnerability has been reported in version 2.6. Other versions may also be affected.

Solution:
Apply patch available from the vendor.

Original Advisory:
http://secunia.com/advisories/20744/
http://milw0rm.com/exploits/1923

Comments Index (Total Messages: 0)

Post Reply
Name:	Guest
Title:
Comment:
Enter this security word

Powered by a Zone-H(ified) version of AkoComment 3.0!

DISCLAIMER: Forum postings are the opinion of the posting author alone, and should not be taken as the opinion of Zone-h. The author is entirely and solely responsible for all content that he/she uploads, posts, or otherwise transmits via the website. Zone-h is not responsible for such content. However, Zone-h shall have the right, but not the obligation, to delete, move, or edit any content that violates this agreement or is otherwise objectionable as determined by Zone-h in its sole discretion and without notice.

< Prev		Next >

[ Back ]