artmedic CMS Local File Inclusion

vendor:

artmedic CMS

by:

iNs

5.5

CVSS

MEDIUM

LFI

CWE

Product Name: artmedic CMS

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2007

artmedic CMS Local File Inclusion

The artmedic CMS is vulnerable to local file inclusion (LFI) attacks. An attacker can exploit this vulnerability by manipulating the 'page' parameter in the 'index.php' file. By including local files, the attacker can view sensitive information, execute arbitrary code, or perform other malicious actions.

Mitigation:

To mitigate this vulnerability, it is recommended to update to the latest version of artmedic CMS or apply the patch provided by the vendor. Additionally, input validation and filtering should be implemented to prevent malicious file inclusion.

Source

Exploit-DB raw data:

#######################################
X---- w w w . u N k n 0 w n . e u ----X
#######################################

artmedic CMS Local File Inclusion

::Home:
artmedic-cms.de

::Vuln Type :
 LFI

::Discovered by :
 iNs


PoC:
http://server/cms/index.php?page=[LFI]
http://server/index.php?page=[LFI]

d0rK:
CMS von artmedic webdesign


:: iNs ::

::Gr33tz t0:
uNkn0wn.eu - iD - Stel128 - Spitfire - fEaRz - R1der - Stranger21 -
nexos - sh4m4n - Svarshik - naxx - phew - Z
DRT Memb3rz - s[H]4g - deL - l10m - l1l - r00tm1nd - f|_|ck3r - p1mmy
ActiveSpy.org - ActiveSpy - steve10120 - lord - polifemo - craw -
Xplorer_eX - antik
idscript2003
PitBull Crew - The_PitBull - MaxDeMon - SancheZ - RedBull - ResellerZ
- r0x00k - c0ol
milw0rm.com - str0ke
darkc0de.com - d3hydr8

# milw0rm.com [2007-10-16]