Vendor: Rezervi Generic
By: GolD_M
CVSS: 7.5 HIGH
Remote File Inclusion
CWE: 94
Product Name: Rezervi Generic
Affected Version From: 0.9
Affected Version To: 0.9
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Rezervi Generic 0.9(root) Remote File Include Vulnerabilities
The Rezervi Generic 0.9 script is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by including a malicious file via the 'root' parameter in various files within the templates and belegungsplan directories. This allows the attacker to execute arbitrary code on the target system.
Mitigation:
To mitigate this vulnerability, it is recommended to sanitize user input and properly validate file inclusion paths. Additionally, keeping the script and all its dependencies up to date with the latest security patches is advised.
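The path validation recommended above, sketched as an added example (this is not Rezervi code and not taken from the advisory). It assumes a template that previously built its include path from the request-supplied `root` value; the function name `resolve_include`, the directory layout and the sample request values are hypothetical and constructed for the demonstration.

```php
<?php
// Added example, not Rezervi code. Directory and file names are hypothetical.
//
// Vulnerable pattern (for contrast, left commented out): the include base
// is taken from the request, so its value decides what PHP loads.
//   include($_GET['root'] . '/include/header.php');

// Hardened form: the base is fixed server-side, the file must be on an
// allowlist, and the resolved path must stay inside the base directory.
function resolve_include(string $appRoot, string $relative, array $allowed): string
{
    if (!in_array($relative, $allowed, true)) {
        throw new RuntimeException("include not on allowlist: $relative");
    }
    $base = realpath($appRoot);
    // realpath() returns false for missing files and for URL-style values.
    $path = realpath($appRoot . '/' . $relative);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException("include outside application root: $relative");
    }
    return $path;
}

// Constructed demo: a throwaway application root with one template file.
$appRoot = sys_get_temp_dir() . '/rfi_demo_' . getmypid();
@mkdir($appRoot . '/include', 0700, true);
file_put_contents($appRoot . '/include/header.php', '<?php echo "header loaded\n";');
$allowed = ['include/header.php'];

require resolve_include($appRoot, 'include/header.php', $allowed);

// Constructed request values are rejected instead of reaching include().
foreach (['http://example.invalid/x', 'include/other.php'] as $value) {
    try {
        resolve_include($appRoot, $value, $allowed);
    } catch (RuntimeException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}

// Remove the throwaway files created for the demo.
unlink($appRoot . '/include/header.php');
rmdir($appRoot . '/include');
rmdir($appRoot);
```

As defence in depth, `allow_url_include = Off` in php.ini stops `include` and `require` from fetching URL wrappers even if a path check is missed.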