vendor:
VHD Web Pack
by:
Alexandr Polyakov, Stas Svistunovich
7.5
CVSS
HIGH
Local File Include
94
CWE
Product Name: VHD Web Pack
Affected Version From: VHD Web Pack 2.0
Affected Version To: VHD Web Pack 2.0
Patch Exists: NO
Related CWE: N/A
CPE: a:divideconcept:vhd_web_pack:2.0
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
DSECRG-08-010
VHD Web Pack 2.0 system has Local file Include security vulnerability. Attacker can inject PHP code and execute OS commands with webserver user privileges. Vulnerable script /vhdwebpack/index.php vulnerable parameter 'page'. Example: http://[server]/vhdwebpack/index.php?page=/../../../../../../../../boot.ini
Mitigation:
N/A