Vendor: Ax Developer CMS
By: Unknown
CVSS: 5.5 (MEDIUM)
Local File Inclusion
CWE: 98
Product Name: Ax Developer CMS
Affected Version From: 2000.1.1
Affected Version To: 2000.1.1
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Ax Developer CMS 0.1.1 (index.php module) Local File Inclusion Vulnerability
Ax Developer CMS version 0.1.1 is vulnerable to local file inclusion. An attacker can exploit this vulnerability by manipulating the 'module' parameter of index.php to include arbitrary local files, including sensitive system files such as /etc/passwd. This can lead to unauthorized access to sensitive information.
Mitigation:
To mitigate this vulnerability, it is recommended to update to a newer version of Ax Developer CMS that addresses this issue. Alternatively, ensure that user input is properly validated and sanitized before being used in file inclusion operations.
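One way to apply the validation advice to a 'module'-style include, as an added example that is not Ax Developer CMS code. The modules/ directory, the module names and the resolve_module() helper are assumptions made for illustration:

```php
<?php
// Hypothetical layout: modules live in ./modules/<name>.php (an assumption,
// not taken from Ax Developer CMS).
const MODULE_DIR = __DIR__ . '/modules';

// Explicit allowlist: request value => file name on disk (constructed names).
const MODULES = [
    'home'    => 'home.php',
    'news'    => 'news.php',
    'contact' => 'contact.php',
];

/**
 * Map the user-supplied module name to a file inside MODULE_DIR.
 * Returns the absolute path, or null if the request must be rejected.
 */
function resolve_module($requested): ?string
{
    // Arrays (?module[]=x) and other non-strings are rejected outright,
    // as is any name that is not a key of the allowlist.
    if (!is_string($requested) || !array_key_exists($requested, MODULES)) {
        return null;
    }

    // Defence in depth: resolve symlinks and ".." and confirm the result
    // is still inside the module directory.
    $base = realpath(MODULE_DIR);
    $path = realpath(MODULE_DIR . '/' . MODULES[$requested]);
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// The user value is only ever a lookup key; it is never concatenated
// into the path passed to require.
$path = resolve_module($_GET['module'] ?? 'home');
if ($path === null) {
    http_response_code(404);
    exit('Unknown module');
}
require $path;
```

Rejected requests get the same 404 whether the name is unknown or the file is missing, so the response does not reveal which local paths exist.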