vendor:
Cerulean Portal System
by:
xoron
7.5
CVSS
HIGH
Remote File Inclusion
CWE
Product Name: Cerulean Portal System
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Cerulean Portal System (phpbb_root_path) Remote File Include Exploit
This exploit allows an attacker to include arbitrary files from a remote server by manipulating the 'phpbb_root_path' parameter in the 'portal.php' script. By including a malicious script, an attacker can execute arbitrary code on the target server.
Mitigation:
To mitigate this vulnerability, it is recommended to sanitize user input and validate the included files to prevent any unauthorized access.