Vendor: OI.Blogs
By:
CVSS: 7.5 (HIGH)
Type: Local File Inclusion
CWE: 22
Product Name: OI.Blogs
Affected Version From: 1.0.0
Affected Version To: 1.0.0
Patch Exists: NO
Related CWE:
CPE: a:openinferno:oi.blogs:1.0.0
Platforms Tested:
OpenInferno OI.Blogs Local File Inclusion Vulnerabilities
OpenInferno OI.Blogs is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
Mitigation:
It is recommended to sanitize user-supplied input and implement proper input validation to prevent local file inclusion vulnerabilities. Regularly updating the software to the latest version also helps in mitigating such vulnerabilities.
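One way to apply the input validation recommended above, shown as an added example that is not OI.Blogs code. The advisory does not name the affected parameters or files, so the page names, directory layout and function names are assumptions, and Python is used only for illustration.

```python
import os
import tempfile

# Hypothetical names throughout: the advisory does not identify the affected
# parameters or files, so ALLOWED_PAGES and resolve_include are illustrative.
ALLOWED_PAGES = frozenset({"home", "archive", "about"})


class IncludeRejected(ValueError):
    """Raised when a requested include must not be served."""


def resolve_include(base_dir, requested, allowed=ALLOWED_PAGES, suffix=".php"):
    """Map a user-supplied page name to a file strictly inside base_dir."""
    # 1. Allowlist: traversal sequences, absolute paths, NUL bytes and URL
    #    wrappers are rejected because they are simply not known names.
    if requested not in allowed:
        raise IncludeRejected("unknown page name")
    # 2. Canonicalise (resolves symlinks and '..') and confirm containment,
    #    so a link planted inside base_dir cannot point the include elsewhere.
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested + suffix))
    if os.path.commonpath([base, candidate]) != base:
        raise IncludeRejected("resolved path escapes base directory")
    if not os.path.isfile(candidate):
        raise IncludeRejected("no such page")
    return candidate


def demo():
    """Run constructed inputs against a throwaway directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        pages = os.path.join(root, "pages")
        os.mkdir(pages)
        secret = os.path.join(root, "config.php")      # outside pages/
        for path in (os.path.join(pages, "home.php"), secret):
            with open(path, "w") as fh:
                fh.write("<?php ?>")
        os.symlink(secret, os.path.join(pages, "about.php"))  # escaping link
        for name in ("home", "../config", "/etc/passwd", "home\x00", "about"):
            try:
                resolve_include(pages, name)
                results[name] = "served"
            except IncludeRejected as exc:
                results[name] = str(exc)
    return results
```

The allowlist alone stops the traversal-style inputs; the canonical-path containment check is what catches the `about` case, where an allowed name resolves through a symlink to a file outside the include directory.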