Description
Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php in Noah's Classifieds 1.3, when register_globals is enabled, allow remote attackers to include arbitrary PHP files via the (1) upperTemplate and (2) lowerTemplate parameters, as demonstrated using the lowerTemplate parameter to index.php.
Exploits (1)
References (6)
Core 6
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16780
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/425783/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015667
Exploit, Vendor Advisory x_refsource_misc
http://www.kapda.ir/advisory-268.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0703
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24899
Scores
EPSS
0.0708
EPSS Percentile
91.6%
Details
Status
published
Products (2)
phpoutsourcing/noahs_classifieds
1.2
phpoutsourcing/noahs_classifieds
1.3
Published
Feb 24, 2006
Tracked Since
Feb 18, 2026