header-logo
Suggest Exploit
vendor:
Pearl Forums
by:
Unknown
7.5
CVSS
HIGH
Local File Include
22
CWE
Product Name: Pearl Forums
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Local File Include Vulnerability in Pearl Forums

Pearl Forums is prone to a local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to disclose sensitive information. This may help with further attacks on the affected computer. It should be noted that this issue may also be leveraged to read arbitrary files on an affected computer with the privileges of the Web server.

Mitigation:

Proper input validation and sanitization should be implemented in the application to prevent local file include vulnerabilities. Ensure that the application only accesses files that are intended to be accessed and restrict access to sensitive files.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15433/info

Pearl Forums is prone to a local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to disclose sensitive information. This may help with further attacks on the affected computer.

It should be noted that this issue may also be leveraged to read arbitrary files on an affected computer with the privileges of the Web server.

http://www.example.com/support/index.php?mode=../../index

Navigation

Suggest Exploit

Services By CQR