vendor:
phpwcms
by:
|/| _ ._ _ _.._ | |(_)| (_|(_|| | _|
7,5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: phpwcms
Affected Version From: 1.2.6
Affected Version To: 1.2.6
Patch Exists: NO
Related CWE: N/A
CPE: a:phpwcms:phpwcms:1.2.6
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006
PhpwCMS 1.2.6 <= Multiple Remote file inclusion vulnerabilities
Multiple Remote File Inclusion vulnerabilities exist in PhpwCMS 1.2.6. The vulnerable code is located in the include/inc_ext/spaw/dialogs/table.php, include/inc_ext/spaw/dialogs/a.php, include/inc_ext/spaw/dialogs/colorpicker.php, include/inc_ext/spaw/dialogs/confirm.php, include/inc_ext/spaw/dialogs/img.php, include/inc_ext/spaw/dialogs/img_library.php, and include/inc_ext/spaw/dialogs/td.php files. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable server. The URL contains the malicious file which will be included in the vulnerable page. This can lead to remote code execution.
Mitigation:
The best way to mitigate this vulnerability is to ensure that user input is properly sanitized and validated before being used in any file inclusion operations.
