- Mark FORBIDDEN: multiple vulnerabilities
Input appended to and passed via the "extlang" parameter to the "calc_exp2()"
function in include/validate.inc.php is not properly sanitised before being
used. This can be exploited to inject and execute arbitrary PHP code.

The application allows users to perform certain actions via HTTP requests
without performing any validity checks to verify the requests. This can be
exploited to create users by enticing a logged in administrator to visit a
malicious web site.

Input passed to the "srclang" parameter in locales.php (when "next" is set to a
value) is not properly verified before being used to include files. This can be
exploited to include arbitrary files from local resources via directory
traversal attacks and URL-encoded NULL bytes.
With hat: secteam