vendor:
Online FlashQuiz
by:
NoGe
7.5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: Online FlashQuiz
Affected Version From: 1.0.2
Affected Version To: 1.0.2
Patch Exists: YES
Related CWE: N/A
CPE: a:elearningforce:online_flashquiz
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Online FlashQuiz 1.0.2 Remote File Inclusion Vulnerability
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'base_dir' parameter to '/component/com_onlineflashquiz/quiz/common/db_config.inc.php' script. A remote attacker can execute arbitrary PHP code on the vulnerable system by including a malicious file.
Mitigation:
Input validation should be used to prevent the exploitation of this vulnerability.