header-logo
Suggest Exploit
vendor:
CMScout
by:
Unknown
7.5
CVSS
HIGH
Local File Include
22
CWE
Product Name: CMScout
Affected Version From: 02.09
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:cmscout:cmscout:2.09
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

Local File Include Vulnerability in CMScout

CMScout is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.

Mitigation:

The vendor should release a patch that properly sanitizes user-supplied input to prevent directory-traversal attacks. Additionally, input validation and sanitization techniques should be implemented.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/43260/info

CMScout is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.

CMScout 2.09 is vulnerable; other versions may also be affected.

http://www.example.com/cmscout/tiny_mce/plugins/ibrowser/ibrowser.php?lang=../../../../../../../../windows/win.ini%00

Navigation

Suggest Exploit

Services By CQR