vendor:
Froxlor
by:
DIES3L
7.5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: Froxlor
Affected Version From: 2000.9.15
Affected Version To: 2000.9.15
Patch Exists: NO
Related CWE: N/A
CPE: a:froxlor:froxlor:0.9.15
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Ubuntu, Windows 7
2011
Froxlor v 0.9.15 Remote file include vulnerbility
Froxlor v 0.9.15 is vulnerable to a remote file inclusion vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. The malicious request contains a URL in the 'id' parameter of the 'customer_ftp.php' script. This URL points to a malicious file which is then included and executed on the vulnerable server.
Mitigation:
The best way to mitigate this vulnerability is to ensure that user input is properly sanitized and validated before being used in the application. Additionally, the application should be kept up to date with the latest security patches.