Basilix PHP Include File Vulnerability

vendor:

Basilix

by:

SecurityFocus

7.5

CVSS

HIGH

PHP Include File Vulnerability

CWE

Product Name: Basilix

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

Basilix PHP Include File Vulnerability

Basilix is a web-based mail application. It offers features such as mail attachments, address book, multiple language and theme support. During operation, Basilix opens a PHP include file using a variable as the filename that can be supplied remotely. Basilix do not properly filter malicious user-supplied input. It is possible for remote attackers to have Basilix attempt to 'include' an arbitrary webserver-readable file. This vulnerability may disclose sensitive information contained in arbitrary web-readable files. It may also be possible for remote attackers to execute php files.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly filtered.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2995/info

Basilix is a web-based mail application. It offers features such as mail attachments, address book, multiple language and theme support.

During operation, Basilix opens a PHP include file using a variable as the filename that can be supplied remotely. Basilix do not properly filter malicious user-supplied input. It is possible for remote attackers to have Basilix attempt to 'include' an arbitrary webserver-readable file.

This vulnerability may disclose sensitive information contained in arbitrary web-readable files. It may also be possible for remote attackers to execute php files. 

http://beta.basilix.org/basilix.php3?request_id[DUMMY]=../../../../etc/passwd&RequestID=DUMMY&username=blah&password=blah