arfis

automated Remote File Inclusion search

RFI (0.2): Puzzle Apps CMS September 14, 2007

Filed under: RFI — arfis @ 5:05 am

Project Name: Puzzle Apps CMS
Project Link: http://sourceforge.net/projects/puzzlecms/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/puzzlecms/puzzle2-2.2.1.tar.gz
RFI Info:
File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/modules/my/my.module.php
Line: 69
Vuln Code: include_once($MODULEDIR . “drivers/” . $DRIVER . “.driver.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/modules/xml/xml.module.php
Line: 3
Vuln Code: include_once($MODULEDIR . “drivers/xml.driver.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/config.loader.php
Line: 5
Vuln Code: include_once($COREROOT . “config/loader.config.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/platform.loader.php
Line: 8
Vuln Code: include_once($COREROOT . “core/platform.class.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/core.loader.php
Line: 3
Vuln Code: include_once($COREROOT.”core/permissions.class.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/person.loader.php
Line: 8
Vuln Code: include_once($COREROOT . “core/person.class.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/module.loader.php
Line: 5
Vuln Code: include_once($COREROOT . “core/module.class.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/modules/admin/libs/people.lib.php
Line: 3
Vuln Code: include($THISDIR . $_GET[“load”] . “.lib.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/modules/admin/libs/general.lib.php
Line: 3
Vuln Code: include($THISDIR . $_GET[“load”] . “.lib.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/modules/admin/libs/content.lib.php
Line: 3
Vuln Code: include($THISDIR . $_GET[“load”] . “.lib.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/modules/admin/libs/templates.lib.php
Line: 3
Vuln Code: include($THISDIR . $_GET[“load”] . “.lib.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/modules/webstat/MEC/index.php
Line: 100
Vuln Code: include($THISDIR . ‘nav.inc’);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/install/steps/step_3.php
Line: 44
Vuln Code: require($COREROOT . “modules/database/adodb/adodb-xmlschema.inc.php”);

(found with version 0.2 – 3386 projects processed so far)