OpenEngine is a PHP based CMS.
The parameter "template" is not correctly checked, for this you can include
other scripts which will be interpreted.
All actual versions are vulnerable (up to 1.8 Beta 2, which is the newest one),
only the paths and consequences differ.
For example you can bro
Webdeskpro has 4 role authority levels- author, editor, administrator,
master
We found a vulnerability in Webdeskpro UI.
After login, if we modify some role variables as follows , we can read
upper role levels files.
Role Modification
we can modify upper source as follows
On Wed, 5 Jan 2000 11:37:49 +0100, Henri Torgemane wrote:
>> What could be useful would be a tag working like
>>
>>
>>
This would just try to fix one of the symptoms. Something more
fundamentally
is wrong: Data and executable code do not belong together. Violation of
this brought us macro viruse