Vendor: Internal range (site protection)
By: Ahmad Muammar W.K (a.k.a) y3dips
CVSS: 9 (CRITICAL)
Remote File Inclusion
CWE: 79
Product Name: Internal range (site protection)
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
[ECHO_ADV_64$2007] Openi CMS plugins (site protection) remote file inclusion
The "oi_dir" variable in index.php is not properly sanitized. An attacker can exploit this vulnerability with a simple PHP injection script.
Mitigation:
Properly sanitize user input and validate file paths.
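
One way to apply this mitigation, as an added example that is not code from the advisory or the affected plugin. It assumes "oi_dir" is used to build an include path (the advisory does not show the vulnerable code); PLUGIN_BASE, ALLOWED_DIRS, resolve_include_dir and config.php are hypothetical names.

```php
<?php
// Added example; every name except oi_dir is hypothetical.
// Assumes php.ini keeps allow_url_include = Off (the PHP default).

const PLUGIN_BASE  = __DIR__ . '/plugins';            // constructed layout
const ALLOWED_DIRS = ['site_protection', 'common'];  // constructed allowlist

/** Return a safe absolute directory for the requested name, or null. */
function resolve_include_dir($requested, string $base = PLUGIN_BASE): ?string
{
    // Request values can be arrays (?oi_dir[]=x); accept strings only.
    if (!is_string($requested)) {
        return null;
    }
    // Plain directory names only: rejects URL wrappers (http://, php://),
    // traversal (../), absolute paths and NUL bytes in one check.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $requested)) {
        return null;
    }
    if (!in_array($requested, ALLOWED_DIRS, true)) {
        return null;
    }
    // Canonicalise, then confirm the result is still inside the base
    // directory (covers symlinks that point elsewhere).
    $baseReal = realpath($base);
    $target   = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($baseReal === false || $target === false || !is_dir($target)) {
        return null;
    }
    $prefix = $baseReal . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// Front-controller usage: the raw request value never reaches require.
$dir = resolve_include_dir($_GET['oi_dir'] ?? null);
if ($dir === null) {
    http_response_code(400);
    exit('Invalid oi_dir');
}
require $dir . '/config.php'; // file name is fixed in code
```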