header-logo
Suggest Exploit
vendor:
EstateAgent Component
by:
SecurityFocus
N/A
CVSS
N/A
Remote File Include
98
CWE
Product Name: EstateAgent Component
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: None
CPE: None
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2006

Mambo EstateAgent Component Remote File Include Vulnerability

The Mambo EstateAgent component is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/19625/info

The Mambo EstateAgent component is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

This BID has been retired because this issue is not exploitable.

http://www.example.com/com_estateagent/estateagent.php?mosConfig_absolute_path=shell

Navigation

Suggest Exploit

Services By CQR