vendor:
Ignition
by:
cOndemned
7,5
CVSS
HIGH
Local File Inclusion
22
CWE
Product Name: Ignition
Affected Version From: 1.2
Affected Version To: 1.3
Patch Exists: NO
Related CWE: N/A
CPE: ignition:1.3
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2009
Ignition 1.3 (page) Local File Inclusion Vulnerability
Ignition 1.3 is vulnerable to Local File Inclusion (LFI) vulnerability. This vulnerability can be exploited by an attacker to include local files on the server. The attacker can send a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable page.php script in order to include local files from the web server. The vulnerability is due to insufficient sanitization of user-supplied input passed via the 'page' parameter. An attacker can exploit this vulnerability to include local files from the web server and execute arbitrary code on the vulnerable system.
Mitigation:
The best way to mitigate this vulnerability is to ensure that user-supplied input is properly sanitized and validated. The application should also be configured to use the latest version of PHP and the 'magic_quotes_gpc' should be turned off.
