vendor:
ClanSphere
by:
Marco Tulio ~> blkhtc0rp
7,5
CVSS
HIGH
Local File Include Vulnerability
98
CWE
Product Name: ClanSphere
Affected Version From: 2011.3
Affected Version To: 2011.3
Patch Exists: YES
Related CWE: N/A
CPE: a:clansphere:clansphere:2011.3
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Centos 5.7, Ubuntu 8.04 and FreeBSD 8
2012
ClanSphere 2011.3 (cs_lang cookie parameter) Local File Include Vulnerability
ClanSphere 2011.3 is vulnerable to a Local File Include vulnerability due to improper validation of the cs_lang cookie parameter. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with a malicious cs_lang cookie parameter. This can allow an attacker to read arbitrary files on the server, such as the /etc/passwd file.
Mitigation:
Ensure that user input is properly validated and sanitized before being used in a file path.
