phpVibe Multiple Vulnerabilities

vendor:

phpVibe

by:

SecurityFocus

7,5

CVSS

HIGH

Information Disclosure and Remote File Include

200, 264, 98

CWE

Product Name: phpVibe

Affected Version From: 3.1

Affected Version To: 3.1

Patch Exists: YES

Related CWE: N/A

CPE: phpVibe

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2012

phpVibe Multiple Vulnerabilities

phpVibe is prone to an information-disclosure vulnerability and multiple remote file-include vulnerabilities. An attacker can exploit these issues to obtain potentially sensitive information or execute malicious PHP code in the context of the web server process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.

Mitigation:

Ensure that the application is kept up to date with the latest security patches and updates.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/61026/info

phpVibe is prone to an information-disclosure vulnerability and multiple remote file-include vulnerabilities.

An attacker can exploit these issues to obtain potentially sensitive information or execute malicious PHP code in the context of the web server process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.

phpVibe 3.1 is vulnerable; other versions may also be affected. 

http://www.example.com/phpVibe/index.php?com_handler=[EV!L]
http://www.example.com/phpVibe/app/classes/language.php?LANGUAGE_DIR=[EV!L]
http://www.example.com/phpVibe/app/classes/language.php?lang=[EV!L]
http://www.example.com/setup/application/views/displays/modules/backups/