vendor:
LokiCMS
by:
JosS
7.5
CVSS
HIGH
Local File Inclusion
98
CWE
Product Name: LokiCMS
Affected Version From: 2000.3.4
Affected Version To: 2000.3.4
Patch Exists: NO
Related CWE: N/A
CPE: a:lokicms:lokicms:0.3.4
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: None
2009
LokiCMS 0.3.4 (admin.php) Create Local File Inclusion Exploit
This exploit allows an attacker to include a local file on the server, such as the /etc/passwd file, by manipulating the 'language' parameter in the 'admin.php' file. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'language' parameter. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with a malicious 'language' parameter.
Mitigation:
Ensure that user-supplied input is properly sanitized before being used in the application.