Vendor: MaticMarket
By: xer0x
CVSS: 7.5 (HIGH)
Type: Local File Inclusion (LFI)
CWE: 98
Product Name: MaticMarket
Affected Version From: 2.02
Affected Version To: 2.02
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: PHP Nuke
2009
MaticMarket 2.02 for PHP Nuke LFI Vulnerability
MaticMarket 2.02 for PHP Nuke is vulnerable to Local File Inclusion (LFI). An attacker can exploit this vulnerability by sending an HTTP request containing maliciously crafted input to the vulnerable application. This can allow the attacker to read sensitive files from the server, such as /etc/passwd.
Mitigation:
To mitigate this vulnerability, the application should validate user input and filter out any malicious input before it is used to build a file path. Additionally, the application should be configured to run with the least privileges necessary.
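
One way to apply the input-validation advice above, shown as an added example that is not MaticMarket's own code. It assumes the module selects a script to include from a request value; the directory, allowlist entries and the `resolve_page` function are hypothetical names.

```php
<?php
// Added example with hypothetical names; not taken from MaticMarket.
// Assumption: a request value chooses which page script gets included.

const PAGE_DIR = __DIR__ . '/pages';               // hypothetical script directory
const ALLOWED_PAGES = ['list', 'detail', 'cart'];  // hypothetical allowlist

/**
 * Return the absolute path that may be included for $requested,
 * or null when the value must be rejected.
 */
function resolve_page($requested, $baseDir = PAGE_DIR, array $allowed = ALLOWED_PAGES)
{
    // 1. Strings only: rejects array parameters such as page[]=x.
    if (!is_string($requested)) {
        return null;
    }
    // 2. Strict allowlist match: traversal sequences, NUL bytes and
    //    stream wrappers can never equal an allowed name.
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    // 3. Defence in depth: canonicalise and confirm the file really lives
    //    under the base directory (also catches symlinks pointing outside).
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $requested . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary directory holding one allowed script.
$dir = sys_get_temp_dir() . '/lfi_demo_' . getmypid();
@mkdir($dir);
file_put_contents("$dir/list.php", "<?php echo 'catalogue';");

$inputs = ['list', 'cart', '../../../../etc/passwd', "list\0", 'php://filter/resource=list', ['list']];
foreach ($inputs as $input) {
    $resolved = resolve_page($input, $dir);
    $label = json_encode($input, JSON_UNESCAPED_SLASHES);
    printf("%-32s => %s\n", $label, $resolved === null ? 'rejected' : 'include ' . $resolved);
}

unlink("$dir/list.php");
rmdir($dir);
```

Only `list` resolves to a path here; `cart` is on the allowlist but has no file in the demo directory, so the `realpath` step rejects it along with the other inputs.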