Puntal (index.php) Remote File Inclusion Vulnerabilities

From: eidelweiss@cyberservices.com
To: bugtraq@securityfocus.com
Subject: Puntal (index.php) Remote File Inclusion Vulnerabilities

Puntal could allow a remote attacker to include malicious PHP files. A remote attacker could send a specially-crafted URL request to the "index.php" script using the "app_path=" OR "puntal_path=" parameter to specify a malicious PHP file from a remote system, which would allow the attacker to execute arbitrary code on the vulnerable system.

Puntal 2.1.0 is vulnerable; other versions may also be affected.

An attacker can exploit these issues via a browser.

-=[P0C]=- [inj3ct0r sh3ll]
            or [inj3ct0r sh3ll

Copyright © 1995-2018 LinuxRocket.net. All rights reserved.