Description
PHP remote file inclusion vulnerability in includes/webdav/server.php in Bytehoard 2.1 Epsilon/Delta allows remote attackers to execute arbitrary PHP code via a URL in the bhconfig[bhfilepath] parameter.
Affected products
- andrew_godwin / bytehoard2.1_delta – 2.1_delta
- andrew_godwin / bytehoard2.1_epsilon – 2.1_epsilon
References
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/2110
- MISChttp://www.securityfocus.com/bid/18234
- VENDOR_ADVISORYhttp://secunia.com/advisories/20400
- MISChttp://www.securityfocus.com/archive/1/435728/100/0/threaded
- MISChttp://www.osvdb.org/25948
- MISChttp://securitytracker.com/id?1016207
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/26936
- EXPLOIThttps://www.exploit-db.com/exploits/1860