header-logo
Suggest Exploit
vendor:
Ad Manager Pro
by:
SecurityFocus
7,5
CVSS
HIGH
Local File-Include Vulnerability
98
CWE
Product Name: Ad Manager Pro
Affected Version From: 4.0
Affected Version To: 4.0
Patch Exists: YES
Related CWE: N/A
CPE: a:php_web_scripts:ad_manager_pro
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012

PHP Web Scripts Ad Manager Pro Local File-Include Vulnerability

PHP Web Scripts Ad Manager Pro is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts in the context of the web server process. This may aid in further attacks.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/55189/info

PHP Web Scripts Ad Manager Pro is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute local scripts in the context of the web server process. This may aid in further attacks.

Ad Manager Pro version 4.0 is vulnerable; other versions may also be affected. 

http://www.example.com/index.php?page=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd