vendor:
Megacubo
by:
Nine:Situations:Group::pyrokinesis
N/A
CVSS
HIGH
Remote Code Execution
94
CWE
Product Name: Megacubo
Affected Version From: 5.0.7
Affected Version To: 5.0.7
Patch Exists: NO
Related CWE:
CPE: a:megacubo_project:megacubo:5.0.7
Platforms Tested: Internet Explorer 8 beta 2 / XP SP 3
2008
Megacubo 5.0.7 (mega://) remote eval() injection exploit
Arbitrary PHP code can be passed to the 'play' command of 'mega://' URI handler, which is further copied to the c:DATASTORE.txt temporary file and evaluated. The 'con' argument is used to bypass a file_exists() check.
Mitigation:
Update to a patched version of Megacubo.