TUCoPS :: Web :: CMS / Portals :: b06-3742.htm

SiteDepth CMS <= 3.01 - Remote File Include Vulnerability
SiteDepth CMS <= 3.01 - Remote File Include Vulnerability
SiteDepth CMS <= 3.01 - Remote File Include Vulnerability


[MajorSecurity #20]SiteDepth CMS <= 3.01 - Remote File Include Vulnerability=0D
----------------------------------------------------------=0D
=0D
Software: SiteDepth CMS=0D
=0D
Version: <=3.01=0D
=0D
Type: Remote File Include Vulnerability=0D
=0D
Made public: July, 18th 2006=0D
=0D
Vendor: SiteDepth.com=0D
=0D
Page: http://sitedepth.com=0D 
=0D
Rated as: High Risk=0D
=0D
=0D
Credits:=0D
----------------------------------------------=0D
Discovered by: David "Aesthetico" Vieira-Kurz=0D
http://www.majorsecurity.de=0D 
=0D
Original Advisory:=0D
----------------------------------------------=0D
http://www.majorsecurity.de/advisory/major_rls20.txt=0D 
=0D
Affected Products:=0D
-------------------------------=0D
SiteDepth CMS 3.01 and prior=0D
=0D
Description:=0D
-------------------------------=0D
SiteDepth is the most powerful adult paysite CMS on the market!=0D
=0D
Requirements:=0D
-------------------------------=0D
register_globals = On=0D
=0D
Vulnerability:=0D
-------------------------------=0D
Input passed to the "SD_DIR" parameter in "constants.php" is not=0D
properly verified, before it is used to include files.=0D
This can be exploited to execute arbitrary code by including files from external resources.=0D
=0D
Solution:=0D
-------------------------------=0D
=0D
Edit the source code to ensure that input is properly sanitised.=0D
Set "register_globals" to "Off".=0D
=0D
=0D

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH