Vendor: Bradabra
By: GolD_M = Mahmood_ali
CVSS: 7.5 (HIGH)
Vulnerability Type: Remote File Inclusion
CWE: Not specified
Product Name: Bradabra
Affected Version From: v2.0.5
Affected Version To: Not specified
Patch Exists: No
Related CWE: Not specified
CPE: Not specified
Platforms Tested: Not specified
Bradabra v2.0.5 Remote File Include Vulnerability
The vulnerability allows an attacker to include a remote file in the 'includes.php' file of the Bradabra v2.0.5 script. By manipulating the 'include_path' parameter, an attacker can include a malicious file from a remote server, potentially leading to remote code execution.
Mitigation:
Update to a patched version of the Bradabra script that addresses the remote file inclusion issue. In addition, validate and sanitize user-supplied input to prevent malicious file inclusion.