Vendor: Huski CMS
By: Unknown
CVSS: 7.5 (HIGH)
CWE: Local File Include
Product Name: Huski CMS
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown

Huski CMS Local File Include Vulnerability

Huski CMS is prone to a local file-include vulnerability due to insufficient sanitization of user-supplied data. An attacker can exploit this vulnerability to compromise the application and the computer; other attacks are also possible.

Mitigation:

Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/38126/info

Huski CMS is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the computer; other attacks are also possible. 

<?php
header ('Content-Type: text/html; charset=utf-8');
// Data Includes
include_once "PHPLib/db_mysql.inc";
include_once "Data/dbConnection.class.php";
include_once "Data/dbConfig.class.php";
include_once "Data/dataAdapter.class.php";
include_once "Quicksite/Core/domxml.class.php";


// Quicksite Core Includes
include_once "Quicksite/Core/all.inc.php";

// Configuration
include_once "Quicksite/db.config.php";
include_once "inc/vars.config.php";

// Initialise the Site
$site = new Site($_VARS['site']);
print_r($_SESSION['login']);
// Initialise the Page
// Note: $_GET['id'] and the merged $_POST/$_GET data are passed to Page unvalidated here
$page = new Page($site, $_GET['id'], array_merge($_POST, $_GET));

// Load plugin sources
$page->loadPluginSources();

// Create the Page
$page->createPage();

echo $page->Result;
?>
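
The excerpt above hands $_GET['id'] and the merged $_POST/$_GET arrays to Page with no validation. One way to constrain such values before they can reach an include, as an added example that is not Huski CMS code: safe_page_id, resolve_include and the plugin directory are hypothetical names, and the page does not show where the include itself happens.

```php
<?php
// Added example, not Huski CMS code. Assumption: a request value ends up in
// a path that is later passed to include; both helpers are hypothetical.

// Accept only a short, purely numeric page id; anything else becomes null.
function safe_page_id($raw): ?int
{
    if (!is_string($raw) || !preg_match('/\A[0-9]{1,9}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

// Resolve a requested name to a .php file strictly inside $baseDir, or null.
function resolve_include(string $baseDir, $name): ?string
{
    // Allow-list the alphabet: no slashes, dots, NUL bytes or stream wrappers.
    if (!is_string($name) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    // Containment check after symlinks are resolved.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo: a temporary plugin directory and a few sample inputs.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'plugins_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'gallery.php', "<?php return 'gallery loaded';\n");

foreach (['gallery', '../config', 'sub/dir', "gallery\0", ['x']] as $input) {
    $path = resolve_include($dir, $input);
    $out = $path === null ? 'rejected' : (include $path);
    echo json_encode($input), ' => ', $out, "\n";
}
foreach (['42', '42abc', '../1', null] as $raw) {
    echo json_encode($raw), ' => ', var_export(safe_page_id($raw), true), "\n";
}

unlink($dir . DIRECTORY_SEPARATOR . 'gallery.php');
rmdir($dir);
```

Only 'gallery' and '42' pass; every other sample is rejected before any filesystem path is built from it.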