CVE-2008-6543 Information

Description

Multiple PHP remote file inclusion vulnerabilities in ComScripts TEAM Quick Classifieds 1.0 via the DOCUMENT_ROOT parameter to (1) index.php3 (2) locate.php3 (3) search_results.php3 (4) classifieds/index.php3 and (5) classifieds/view.php3; (6) index.php3 (7) manager.php3 (8) pass.php3 (9) remember.php3 (10) sign-up.php3 (11) update.php3 (12) userSet.php3 and (13) verify.php3 in controlcenter/; (14) alterCats.php3 (15) alterFeatured.php3 (16) alterHomepage.php3 (17) alterNews.php3 (18) alterTheme.php3 (19) color_help.php3 (20) createdb.php3 (21) createFeatured.php3 (22) createHomepage.php3 (23) createL.php3 (24) createM.php3 (25) createNews.php3 (26) createP.php3 (27) createS.php3 (28) createT.php3 (29) index.php3 (30) mailadmin.php3 and (31) setUp.php3 in controlpannel/; (32) include/sendit.php3 and (33) include/sendit2.php3; and possibly (34) include/adminHead.inc (35) include/usersHead.inc and (36) style/default.scheme.inc.

Reference

http://www.securityfocus.com/bid/28417 http://www.securityfocus.com/bid/28417/exploit https://exchange.xforce.ibmcloud.com/vulnerabilities/42469