vendor:
N/X Web Content Management System
by:
SecurityFocus
7.5
CVSS
HIGH
Remote File Include Vulnerability
98
CWE
Product Name: N/X Web Content Management System
Affected Version From: N/X Web Content Management System
Affected Version To: N/X Web Content Management System
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
N/X Web Content Management System Remote File Include Vulnerability
N/X Web Content Management System is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. An attacker may exploit this by supplying a path to a maliciously created file, located on an attacker-controlled host as a value for some parameters. If the remote file is a PHP script, this may allow for execution of attacker-supplied PHP code with the privileges of the webserver. Successful exploitation may provide local access to the attacker.
Mitigation:
Ensure that all user-supplied input is validated and filtered before being used in a file include operation.
