vendor:
CMS
by:
HACKERS PAL
5.5
CVSS
MEDIUM
Remote File Inclusion
98
CWE
Product Name: CMS
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
idmos-phoenix cms Remote File inclusion
This vulnerability allows an attacker to include remote files on the server. In this case, an attacker can include the 'cmd.txt' file from the localhost and execute the 'dir' command.
Mitigation:
The vulnerability can be mitigated by properly sanitizing user input and using secure coding practices to prevent remote file inclusion attacks.