EID-ID: 18099
CVE: 2011-4713
Author: Stefan Schurtz
Type: WEBAPPS
Platform: PHP
Date: 2011-11-09

Vulnerable App: osCSS2

Vulnerability Description:
- osCSS2 2.1.0 "_ID" parameter is prone to a LFI vulnerability.

Vulnerable Code:
-

PoC-Exploit:
-
-

Solution:
- Fixed in svn branch 2.1.0 and reported in develop version 2.1.1

References:
- http://oscss.org/
- http://forums.oscss.org/2-security/oscss2-id-parameter-local-file-inclusion-t1999.html
- http://dev.oscss.org/task/892
- http://www.ru13z.de/advisories/SSCHADV2011-034.txt