vendor:
Directory
by:
Ghost Hacker
9.3
CVSS
HIGH
RFI
98
CWE
Product Name: Directory
Affected Version From: 1.1.2001
Affected Version To: 1.1.2001
Patch Exists: Yes
Related CWE: N/A
CPE: a:freedirectoryscript:directory
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
Directory v1.1.1 (API_HOME_DIR) RFI Vulnerability
The Directory v1.1.1 script is vulnerable to a Remote File Inclusion (RFI) vulnerability. An attacker can exploit this vulnerability by sending a malicious URL in the API_HOME_DIR parameter of the init.php script.
Mitigation:
The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of the Directory v1.1.1 script.