Vulnerabilities > CVE-2007-6539 - Code Injection vulnerability in Idevspot Isupport 1.8
PHP local file inclusion vulnerability in index.php in IDevspot iSupport 1.8 allows remote attackers to include local files via the include_file parameter.
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Manipulating User-Controlled Variables This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An attacker can override environment variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.
|description||iDevSpot iSupport 1.8 'index.php' Local File Include Vulnerability. CVE-2007-6539. Webapps exploit for php platform|
|title||iDevSpot iSupport 1.8 - 'index.php' Local File Include Vulnerability|