plusPHP Multi-User Short URL and Statistics (plus.php) RFI Vulnerability

vendor:

plusPHP Multi-User Short URL and Statistics

by:

DR.TOXIC

9.3

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: plusPHP Multi-User Short URL and Statistics

Affected Version From: 1

Affected Version To: 1

Patch Exists: YES

Related CWE: CVE-2008-2490

CPE: a:plusphp:plusphp_multi-user_short_url_and_statistics

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows, Linux, Mac

2008

plusPHP Multi-User Short URL and Statistics (plus.php) RFI Vulnerability

plusPHP Multi-User Short URL and Statistics (plus.php) is prone to a remote file-inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code in the context of the webserver process.

Mitigation:

Upgrade to the latest version of plusPHP Multi-User Short URL and Statistics (plus.php)

Source

plusPHP Multi-User Short URL and Statistics (plus.php) RFI Vulnerability

Mitigation:

Exploit-DB raw data: