Description
PHP remote file inclusion vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary PHP code by modifying the view parameter to reference a URL on a remote web server that contains the code.
Affected products
- alstrasoft / epay2.0 – 2.0
References
- VENDOR_ADVISORYhttp://secunia.com/advisories/14802
- MAILING_LISThttp://marc.info/?l=bugtraq&m=111247198021626&w=2
- MISChttp://www.securityfocus.com/bid/12973