vendor:
mx_tinies
by:
bd0rk
7,5
CVSS
HIGH
File Include Vulnerability
98
CWE
Product Name: mx_tinies
Affected Version From: 1.3.0
Affected Version To: 1.3.0
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006
mx_tinies 1.3.0 (common.php) File Include Vulnerability
mx_tinies 1.3.0 is vulnerable to a file include vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system. The vulnerability is caused due to the 'module_root_path' parameter in 'common.php' script not properly sanitized before being used to include files. This can be exploited to include arbitrary local or remote files containing malicious code and execute it in the context of the webserver process. The attacker can also include remote files containing arbitrary HTML and script code and execute it in the victim's browser.
Mitigation:
Input validation should be used to ensure that untrusted data is not used to include files from unexpected locations.
