Vendor: YourFreeScreamer
By: Crackers_Child
CVSS: N/A
Severity: HIGH
CWE: 98
Product Name: YourFreeScreamer
Affected Version From: YourFreeScreamer 1.0
Affected Version To: YourFreeScreamer 1.0
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
YourFreeScreamer 1.0 Remote File Include
The vulnerability exists in the bodyTemplate.php file of YourFreeScreamer 1.0. The script uses the 'include' function without proper validation, allowing an attacker to include arbitrary files from the server. By manipulating the 'serverPath' parameter in the URL, an attacker can include a malicious file and execute arbitrary code.
Mitigation:
To mitigate this vulnerability, it is recommended to sanitize user input and validate file paths before including them in the script. Additionally, the use of file inclusion functions should be avoided if possible.
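One way to apply this mitigation, shown as an added example that is not YourFreeScreamer's own code: the include path is built from a fixed directory and an allowlist instead of a request-supplied 'serverPath'. The names `TEMPLATE_DIR`, `TEMPLATES`, `resolveTemplate` and the `page` parameter are hypothetical, as is the vulnerable line in the comment.

```php
<?php
declare(strict_types=1);

// Pattern the advisory describes (reconstructed for illustration, not the
// actual bodyTemplate.php source): the include prefix comes from the request.
//   include $_GET['serverPath'] . '/header.php';

// Hypothetical fixed directory; it is never derived from request data.
const TEMPLATE_DIR = __DIR__ . '/templates';

// Hypothetical allowlist: logical name => file inside TEMPLATE_DIR.
const TEMPLATES = [
    'header' => 'header.php',
    'body'   => 'body.php',
    'footer' => 'footer.php',
];

/** Map a logical template name to a canonical path inside TEMPLATE_DIR. */
function resolveTemplate(string $name): string
{
    if (!array_key_exists($name, TEMPLATES)) {
        throw new InvalidArgumentException('Unknown template');
    }
    $base = realpath(TEMPLATE_DIR);
    $path = realpath(TEMPLATE_DIR . DIRECTORY_SEPARATOR . TEMPLATES[$name]);
    // realpath() resolves symlinks and '..'; the result must stay under $base.
    $prefix = $base === false ? '' : $base . DIRECTORY_SEPARATOR;
    if ($base === false || $path === false
        || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('Template missing or outside template directory');
    }
    return $path;
}

// The request selects a name only; any 'serverPath' value in it is ignored.
$name = isset($_GET['page']) && is_string($_GET['page']) ? $_GET['page'] : 'body';
try {
    include resolveTemplate($name);
} catch (Exception $e) {
    http_response_code(404);
}
```

Keeping `allow_url_include = Off` in php.ini (the PHP default) additionally stops `include` from fetching remote URLs if a tainted path is ever reintroduced.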