vendor: Libstats
by: milw0rm.com
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: Libstats
Affected Version From: 1.0.3
Affected Version To: 1.0.3
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Libstats 1.0.3 <= Remote File Inclusion Vulnerability
The vulnerability exists in the 'template_csv.php' file of Libstats version 1.0.3 and earlier. It allows an attacker to include remote files by manipulating the 'rInfo[content]' parameter. An example exploit URL is provided.
Mitigation:
To mitigate this vulnerability, it is recommended to update to a patched version of Libstats or apply appropriate input validation to the 'rInfo[content]' parameter.