Vendor: burnCMS
By: GolD_M = [Mahmood_ali]
CVSS: 7.5 HIGH
CWE: Remote File Include
Product Name: burnCMS
Affected Version From: 0.2
Affected Version To: 0.2
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
burnCMS <= 0.2 (root) Remote File Include Vulnerabilities
burnCMS 0.2 is vulnerable to remote file inclusion. The 'root' parameter, which is used as a path prefix in several files ('authuser.php', 'misc.php', 'connect.php', 'mysql.class.php' and 'postgres.class.php'), can be supplied by an attacker and reaches an include statement unchecked. This lets the attacker include and execute files from a remote server, which typically leads to remote code execution on the web host.
Mitigation:
Update to the latest version of burnCMS or apply a patch that fixes the remote file inclusion. Additionally, the include path should never be built from request input: derive the application root from the script location, validate any module name against a fixed allow-list, and disable remote includes in the PHP configuration.
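The following is an added illustration (not burnCMS code) of the include pattern the advisory describes, next to a hardened form that applies the mitigation above. The function names, the module allow-list and the `misc.php` file name are assumptions made for the example.

```php
<?php
// Added example, not burnCMS code. Shows a 'root' path prefix reaching
// include() from request data, and a hardened replacement.

// --- Vulnerable pattern (assumed shape of the affected files) ---
// With register_globals enabled, $root is populated from ?root=... in the
// request. A URL prefix in $root makes include() fetch a remote file when
// allow_url_include is on, which is the remote file inclusion described.
function vulnerable_include(array $request): void
{
    $root = $request['root'] ?? '.';
    include $root . '/misc.php';
}

// --- Hardened form ---
// 1. The application root comes from the script location, never from input.
// 2. Only a fixed allow-list of module names may be included.
// 3. The resolved path is checked to stay inside the application root.
// 4. php.ini should carry allow_url_include = Off (it is a PHP_INI_SYSTEM
//    setting and cannot be changed with ini_set() at runtime).
define('APP_ROOT', __DIR__);

function safe_include(string $module): void
{
    static $allowed = ['misc', 'authuser', 'connect'];  // assumed module list
    if (!in_array($module, $allowed, true)) {
        throw new InvalidArgumentException('unknown module: ' . $module);
    }
    $path = realpath(APP_ROOT . '/' . $module . '.php');
    // realpath() returns false for missing files and resolves any ../ or
    // symlink tricks, so a prefix check on the result is meaningful.
    if ($path === false
        || strncmp($path, APP_ROOT . DIRECTORY_SEPARATOR, strlen(APP_ROOT) + 1) !== 0) {
        throw new RuntimeException('include path escapes application root');
    }
    include $path;
}

// Usage: the module name is the only thing a caller may choose.
safe_include('misc');
```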