vendor:
DesktopOnNet 3 Beta
by:
MK
7.5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: DesktopOnNet 3 Beta
Affected Version From: DesktopOnNet 3 Beta
Affected Version To: DesktopOnNet 3 Beta
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
DesktopOnNet 3 Beta Remote File Inclusion
A Remote File Inclusion vulnerability exists in DesktopOnNet 3 Beta, which allows an attacker to include a remote file containing malicious code and execute it on the vulnerable system. The vulnerability is due to the 'app_path' parameter in 'don3_requiem.php' and 'frontpage.php' scripts not properly sanitized before being used to include files.
Mitigation:
Input validation should be used to prevent the inclusion of remote files.
