Title : FreeWebshop.org "lang_file" Parameter Handling Remote File Inclusion Vulnerability VUPEN ID : VUPEN/ADV-2007-0319 CVE ID : CVE-2007-0531
Rated as : High Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2007-01-24
Technical Description
A vulnerability has been identified in FreeWebshop.org, which could be exploited by attackers to execute arbitrary commands. This issue is due to an input validation error in the "includes/login.php" script that does not validate the "lang_file" parameter, which could be exploited by remote attackers to include malicious PHP scripts and execute arbitrary commands with the privileges of the web server.
