Vendor: Mangobery
By: kezzap66345
CVSS: 5.5 (MEDIUM)
Remote File Inclusion (RFI)
CWE: 98
Product Name: Mangobery
Affected Version From: 2000.5.5
Affected Version To: 2000.5.5
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Not specified
2007
Mangobery-0.5.5
The Mangobery 0.5.5 script is vulnerable to Remote File Inclusion (RFI) attacks in the 'boxes/quotes.php' and 'templates/mangobery/footer.sample.php' files. An attacker can exploit this vulnerability by including a malicious file from a remote server using the 'Site_Path' parameter, leading to arbitrary code execution.
Mitigation:
To mitigate this vulnerability, the developer should sanitize user input and ensure that the 'Site_Path' parameter is never passed directly to a file inclusion function.
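One way to apply the mitigation above, shown as an added example that is not Mangobery's code: the request supplies only a short key, and the include target is resolved from a fixed allowlist and checked against the application root. The names ALLOWED_INCLUDES and resolve_include, the file paths, and the sample values are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not Mangobery's code. All names and paths below are hypothetical.

// Short names the application may include, mapped to files under its own root.
// The request supplies only the key; it never supplies a path or a URL.
const ALLOWED_INCLUDES = [
    'header' => 'includes/header.php',
    'footer' => 'includes/footer.php',
];

function resolve_include(string $root, string $name): string
{
    if (!array_key_exists($name, ALLOWED_INCLUDES)) {
        throw new InvalidArgumentException('unknown include name');
    }
    $base = realpath($root);
    // realpath() resolves symlinks and "..", and returns false for missing files.
    $path = $base === false ? false : realpath($base . '/' . ALLOWED_INCLUDES[$name]);
    if ($path === false || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('include target missing or outside the application root');
    }
    return $path;
}

// Constructed demo: build a throwaway application root so the script runs offline.
$root = sys_get_temp_dir() . '/rfi_demo_' . getmypid();
@mkdir($root . '/includes', 0700, true);
file_put_contents($root . '/includes/footer.php', '<?php echo "footer loaded\n";');

// Accepted: a known key resolves to a file inside the root.
include resolve_include($root, 'footer');

// Rejected: a URL in place of the key fails the lookup and never reaches include;
// 'header' is a known key, but its file does not exist in this demo root.
foreach (['http://remote.example/file.txt', 'header'] as $candidate) {
    try {
        resolve_include($root, $candidate);
        echo "allowed: $candidate\n";
    } catch (Exception $e) {
        echo "rejected: $candidate ({$e->getMessage()})\n";
    }
}
```

As a second layer, keep allow_url_include set to Off in php.ini (the default since PHP 5.2), so include cannot fetch from http:// or ftp:// URLs even if a path check is missed.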