header-logo
Suggest Exploit
vendor:
HolaCMS
by:
SecurityFocus
7.5
CVSS
HIGH
File Include Vulnerability
98
CWE
Product Name: HolaCMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

HolaCMS File Include Vulnerability

A file include vulnerability has been reported in the htmltags.php module of HolaCMS. This problem may allow an attacker to access potentially sensitive information reserved for adminstration. It has also been reported that some files included via exploitation may allow for information to be edited. It is not known if this may also be exploited to include remote files. If this is the case, this issue could also lead to remote command execution.

Mitigation:

Ensure that the application is not vulnerable to file inclusion attacks by validating user-supplied input.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8416/info

A file include vulnerability has been reported in the htmltags.php module of HolaCMS. This problem may allow an attacker to access potentially sensitive information reserved for adminstration. It has also been reported that some files included via exploitation may allow for information to be edited.

It is not known if this may also be exploited to include remote files. If this is the case, this issue could also lead to remote command execution.

http://www.example.com/path_of_hola/admin/cms/htmltags.php?datei=./sec/data.php

Navigation

Suggest Exploit

Services By CQR