vendor:
RicarGBooK
by:
Dj7xpl
N/A
CVSS
HIGH
Local File Inclusion
CWE
Product Name: RicarGBooK
Affected Version From: 1.2.2001
Affected Version To: 1.2.2001
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
RicarGBooK 1.2.1
The vulnerability exists in the 'Header.php' file of RicarGBooK 1.2.1. It allows an attacker to include arbitrary files from the server by manipulating the 'lang' cookie parameter. This can lead to unauthorized access to sensitive files or remote code execution.
Mitigation:
The vendor should release a patch that validates and sanitizes user input for the 'lang' cookie parameter. Users should update to the latest version of RicarGBooK to mitigate this vulnerability.