vendor:
MOSMediaLite451
by:
k1n9k0ng
7.5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: MOSMediaLite451
Affected Version From: MOSMediaLite451
Affected Version To: MOSMediaLite451
Patch Exists: NO
Related CWE:
CPE: a:mosmedialite:mosmedialite451
Platforms Tested:
2007
MOSMediaLite451 Exploit
The MOSMediaLite451 script is vulnerable to remote file inclusion. The vulnerability allows an attacker to include and execute arbitrary files from a remote server by manipulating the 'mosConfig_absolute_path' parameter in various PHP files.
Mitigation:
The vendor should release a patch to fix the vulnerability. In the meantime, users are advised to remove or restrict access to the affected files.
