vendor:
phpMyTeam
by:
XORON
7,5
CVSS
HIGH
Remote File Include
98
CWE
Product Name: phpMyTeam
Affected Version From: 2.0
Affected Version To: 2.0
Patch Exists: YES
Related CWE: N/A
CPE: a:phpscripts-fr:phpmyteam:2.0
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006
phpMyTeam v2.0 <= (smileys_dir) Remote File Include Vulnerability
A remote file include vulnerability exists in phpMyTeam v2.0, due to the application not properly sanitizing user-supplied input. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system. The vulnerability is due to the application not properly sanitizing user-supplied input to the 'smileys_dir' parameter in the 'smileys_packs.php' script. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system by supplying a malicious URL in the 'smileys_dir' parameter.
Mitigation:
Upgrade to the latest version of phpMyTeam v2.0 or apply the appropriate patch.
