vendor: Admin Phorum
by: Gold_M <Hacker_ [at] w.Cn> [Mahmood_ali]
CVSS: 7.5 (HIGH)
CWE: File Include
Product Name: Admin Phorum
Affected Version From: 3.3.1.a
Affected Version To: 3.3.1.a
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Admin Phorum 3.3.1.a (del.php include_path) File Include Vulnerability
This vulnerability allows an attacker to include arbitrary files by manipulating the 'include_path' parameter in the 'del.php' script of Admin Phorum 3.3.1.a. By exploiting this vulnerability, an attacker can execute arbitrary code or disclose sensitive information.
Mitigation:
To mitigate this vulnerability, it is recommended to apply the latest patch or update to a secure version of Admin Phorum. Additionally, ensure that input validation and sanitization are implemented for user-supplied parameters.