header-logo
Suggest Exploit
vendor:
aWebNews
by:
Unknown
7.5
CVSS
HIGH
Remote File Inclusion
CWE
Product Name: aWebNews
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: No
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

aWebNews Multiple Remote File-Include Vulnerabilities

The aWebNews application is prone to multiple remote file-include vulnerabilities. An attacker can exploit these vulnerabilities by including an arbitrary remote file that contains malicious PHP code and executing it in the context of the webserver process. This can lead to the compromise of the application and the underlying system, allowing for various other attacks.

Mitigation:

To mitigate these vulnerabilities, it is recommended to apply the latest patches and updates provided by the vendor. Additionally, proper input validation and sanitization should be implemented to prevent remote file inclusion attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/22781/info

aWebNews is prone to multiple remote file-include vulnerabilities.

An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible. 

http://www.example.com/[aWebNewsPaTh]/listing.php?path_to_news=[Shell]

Navigation

Suggest Exploit

Services By CQR