Vendor: Ncaster
By: k1n9k0ng
CVSS: 7.5 (HIGH)
Remote Code Execution (RCE)
CWE: 78
Product Name: Ncaster
Affected Version From: Ncaster 1.7.2
Affected Version To: Ncaster 1.7.2
Patch Exists: NO
Related CWE:
CPE: a:ncaster:ncaster:1.7.2
Platforms Tested:
2007
Ncaster 1.7.2 RCE Vulnerability
The Ncaster 1.7.2 script is vulnerable to remote code execution due to improper validation of the 'adminfolder' parameter in the 'archive.php' file. An attacker can exploit this vulnerability by injecting a shell command in the 'adminfolder' parameter, leading to arbitrary code execution.
Mitigation:
Apply the latest patch or update to a newer version of the Ncaster script. Additionally, implement input validation and sanitization to prevent arbitrary code execution.