vendor:
Beacon
by:
ThE TiGeR
7.5
CVSS
HIGH
Remote File Inclusion
CWE
Product Name: Beacon
Affected Version From: Beacon 2.0
Affected Version To: Beacon 2.0
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Beacon => 2.0 Remote File Inclusion (languagePath)
This exploit allows an attacker to include remote files by manipulating the 'languagePath' parameter in the 'splash.lang.php' file of the Beacon 2.0 application.
Mitigation:
To mitigate this vulnerability, users should update to the latest version of Beacon, which is not affected by this exploit.