Input passed to the “phpbb_root_path” parameter in “auction/auction_common.php” isn’t properly verified before it is used to include files. This can be exploited to include arbitrary files from external and local resources.

The vulnerability, discovered by VietMafia, has been confirmed in version 1.3m. Other versions may also be affected.

Protection / Solution
1. Disable “register_globals”
2. Edit the source code to ensure that input is properly verified.
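
One way to carry out step 2, shown as an added example that is not code from the mod or from the advisory. The function names, the `<root>/auction/` layout and the temporary demo tree are assumptions made for illustration.

```php
<?php
// Added example, not the project's code. Function names and the directory
// layout are hypothetical; the temp directory below is constructed sample data.

// Return the absolute path of $relative under $baseDir, or false if it is a
// URL/stream wrapper, contains a NUL byte, does not exist, or escapes $baseDir.
function safe_include_path($baseDir, $relative)
{
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $relative) || strpos($relative, "\0") !== false) {
        return false; // http://, ftp://, php://, data: and similar
    }
    $base = realpath($baseDir);
    $full = $base === false ? false : realpath($base . DIRECTORY_SEPARATOR . $relative);
    if ($full === false) {
        return false;
    }
    // Containment: the resolved file must sit below the base directory.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : false;
}

// True if the request itself tries to set $name (what register_globals
// would otherwise turn into a global variable of that name).
function request_supplies($name, array $sources)
{
    foreach ($sources as $source) {
        if (array_key_exists($name, $source)) {
            return true;
        }
    }
    return false;
}

// In the included script: refuse the request outright, then derive the root
// from the file's own location instead of trusting a variable.
if (request_supplies('phpbb_root_path', array($_GET, $_POST, $_COOKIE))) {
    exit('Invalid request');
}
$phpbb_root_path = dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR; // assumed <root>/auction/ layout

// Constructed demo tree standing in for the board root.
$demo = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'inc_demo_' . getmypid();
mkdir($demo . '/includes', 0700, true);
file_put_contents($demo . '/includes/functions.php', "<?php\n");
foreach (array('includes/functions.php', '../', 'http://example.invalid/x.txt') as $candidate) {
    printf("%-32s %s\n", $candidate, safe_include_path($demo, $candidate) === false ? 'rejected' : 'allowed');
}
unlink($demo . '/includes/functions.php');
rmdir($demo . '/includes'); rmdir($demo);
```

The request check and the fixed root address the `register_globals` path; the containment check covers any include target that is later built from other input.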

via Pridels