vendor: AWBS
by: DamaR
CVSS: 7.5 (HIGH)
CWE: 98 (Remote file inclusion)
Product Name: AWBS
Affected Version From: 2.4.2000
Affected Version To: 2.4.2000
Patch Exists: NO
Related CWE:
CPE: a:awbs:awbs:2.4.0
Platforms Tested:
2007
AWBS v2.4.0 Remote file include[cart2.php]
The AWBS v2.4.0 application is vulnerable to remote file inclusion. An attacker can cause the application to include a remote file by passing its location in the 'workdir' parameter of the 'cart2.php' script. This can lead to arbitrary code execution or information disclosure.
Mitigation:
Apply the vendor-supplied patch or upgrade to a newer version of AWBS that addresses the vulnerability. Also, ensure that user-supplied input is properly validated and sanitized before being used in file inclusion operations.
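One way to check web server access logs for requests that pass a remote reference in the 'workdir' parameter of 'cart2.php', as described above. This is an added example, not part of the original advisory or of AWBS; it assumes Apache combined log format, and the sample log lines, host names and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2007:10:00:00 +0000] "GET /cart2.php?item=5 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2007:10:00:05 +0000] "GET /cart2.php?workdir=http://files.example.invalid/a.txt HTTP/1.1" 200 90 "-" "-"
192.0.2.44 - - [01/Jan/2007:10:00:09 +0000] "GET /shop/cart2.php?workdir=%68ttp%3A%2F%2Ffiles.example.invalid%2Fa HTTP/1.1" 200 90 "-" "-"
192.0.2.12 - - [01/Jan/2007:10:01:00 +0000] "GET /index.php?workdir=http://files.example.invalid/a HTTP/1.1" 404 0 "-" "-"
192.0.2.13 - - [01/Jan/2007:10:02:00 +0000] "POST /cart2.php?workdir=includes HTTP/1.1" 200 700 "-" "-"
"""

REQUEST = re.compile(r'^(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# A value that starts with a URL scheme or stream wrapper, "//host" or a UNC path.
REMOTE_REF = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]+:|//|\\\\)', re.IGNORECASE)


def fully_unquote(value, rounds=3):
    """Undo nested percent-encoding, bounded so hostile input cannot loop."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_workdir_inclusion_attempts(log_text):
    """Return (line_no, client, decoded workdir) for suspicious cart2.php hits."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST.match(line)
        if not match:
            continue  # not a parseable request line
        path, _, query = match.group("target").partition("?")
        if "cart2.php" not in fully_unquote(path).lower().split("/"):
            continue  # only the script named in the advisory
        for name, value in parse_qsl(query, keep_blank_values=True):
            value = fully_unquote(value)
            if name == "workdir" and REMOTE_REF.match(value):
                hits.append((line_no, match.group("client"), value))
    return hits


if __name__ == "__main__":
    for hit in find_workdir_inclusion_attempts(SAMPLE_LOG):
        print(hit)
```

Access logs record only the query string, so a 'workdir' value sent in a POST body will not appear here and needs request-body logging or a WAF rule to be seen.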