vendor: ar_memberscript
by: ex0
CVSS: 7,5 (HIGH)
CWE: 98 (Remote File Inclusion)
Product Name: ar_memberscript
Affected Version From: All versions
Affected Version To: All versions
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006
ar_memberscript – remote file include vulnerability (all versions)
ar_memberscript is a script used by many anime sites to manage their members, news, and some content, in some cases 'premium media'. The vulnerability is caused by missing sanitization of user-supplied input to the 'script_folder' parameter in 'usercp_menu.php'. An attacker can exploit it by sending a malicious URL to an unsuspecting user; when the link is clicked, arbitrary code executes on the vulnerable system.
Mitigation:
Input validation should be used to prevent the exploitation of this vulnerability.
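
What that input validation can look like for an include path derived from a request parameter such as 'script_folder', as an added example that is not ar_memberscript's own code. The function name, the `modules` directory, the allowlist entries and `menu.php` are assumptions made for illustration.

```php
<?php
// Added example; not code from ar_memberscript. Names and paths are hypothetical.

// Assumed layout: every includable folder lives under one fixed base directory.
const BASE_DIR = __DIR__ . '/modules';

// Allowlist of folder names the application itself ships (hypothetical entries).
const ALLOWED_FOLDERS = ['members', 'news', 'media'];

/**
 * Map a request-supplied folder name to a directory under BASE_DIR,
 * or return null if the value is not acceptable.
 */
function resolve_script_folder($input): ?string
{
    // Reject arrays (?script_folder[]=x) and any other non-string value.
    if (!is_string($input)) {
        return null;
    }
    // Exact-match allowlist: URLs, stream wrappers, "..", slashes and
    // NUL bytes can never equal one of these names.
    if (!in_array($input, ALLOWED_FOLDERS, true)) {
        return null;
    }
    // Defence in depth: canonicalise and confirm the result is still
    // inside BASE_DIR (catches symlinks that point outside the tree).
    $base = realpath(BASE_DIR);
    $path = realpath(BASE_DIR . '/' . $input);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$folder = resolve_script_folder($_GET['script_folder'] ?? null);
if ($folder === null) {
    http_response_code(400);
    exit('Invalid request');
}
// The included file name is a fixed literal, never request data.
require $folder . '/menu.php';
```

Keeping `allow_url_include` set to `Off` in php.ini is a separate safeguard that stops `include`/`require` from fetching remote URLs even if a validation check is missed.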