vendor: Monster Top List
by: fluffy_bunny
CVSS: 7.5 (HIGH)
Remote Code Execution
CWE
Product Name: Monster Top List
Affected Version From: 1
Affected Version To: 1.4.2002
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Monster Top List <= 1.4.2 Remote Command Execution Vulnerabilities
Monster Top List <= 1.4.2 is vulnerable to remote command execution. An attacker can exploit this vulnerability by sending a malicious request to the functions.php file that includes the path to a malicious script. This allows the attacker to execute arbitrary commands on the target system.
Mitigation:
No patch is available; the vendor should release one to fix this vulnerability. In the meantime, users are advised to restrict access to the functions.php file and to implement proper input validation that rejects malicious input.