vendor: PHPtree
by: ThE TiGeR
CVSS: 7.5 HIGH
Remote file inclusion
CWE: 98
Product Name: PHPtree
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
PHPtree Remote file inclusion (s_dir)
The cms2.php script of the PHPtree plugin HP_DEV lets an attacker include remote files by manipulating the s_dir parameter in the URL. This can lead to arbitrary code execution on the server.
Mitigation:
To mitigate this vulnerability, ensure that all user input is properly validated and sanitized before being used in file inclusion functions. Additionally, keep PHPtree and its plugins up to date with the latest security patches.