vendor:
DOOP CMS
by:
@vladii
5.5
CVSS
MEDIUM
Local File Inclusion
CWE
Product Name: DOOP CMS
Affected Version From: <=1.3.7
Affected Version To: <=1.3.7
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
DOOP CMS <=1.3.7 Local File Inclusion
The vulnerability allows an attacker to include local files on the server by manipulating the 'page' parameter in the URL. It can be exploited if the 'magic_quotes_gpc' setting is set to OFF.
Mitigation:
Enable 'magic_quotes_gpc' setting or upgrade to a newer version of DOOP CMS that fixes the vulnerability.
