header-logo
Suggest Exploit
vendor:
phpMyDesktop|arcade
by:
SecurityFocus
7.5
CVSS
HIGH
Local File Include
98
CWE
Product Name: phpMyDesktop|arcade
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

phpMyDesktop|arcade Local File Include Vulnerability

phpMyDesktop|arcade is prone to a local file-include vulnerability. This may allow unauthorized users to view files and to execute local scripts. An attacker may also be able to execute arbitrary code by way of uploaded images. The vulnerability is present due to insufficient sanitization of user-supplied input to the 'todo' parameter in 'index.php' when 'showsubsite' is specified.

Mitigation:

Input validation should be used to prevent the exploitation of this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/18185/info

phpMyDesktop|arcade is prone to a local file-include vulnerability. This may allow unauthorized users to view files and to execute local scripts.

An attacker may also be able to execute arbitrary code by way of uploaded images.

http://www.example.com/index.php?todo=showsubsite&subsite=[file]%00

Navigation

Suggest Exploit

Services By CQR