Vendor: PostGuestbook
By: GloD_M = [Mahmood_ali]
CVSS: 5.5 (MEDIUM)
CWE: Remote File Inclusion
Product Name: PostGuestbook
Affected Version From: 2000.6.1
Affected Version To: 2000.6.1
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
PostGuestbook 0.6.1 (tpl_pgb_moddir) Remote File Include Exploit
This exploit takes advantage of a remote file inclusion vulnerability in PostGuestbook version 0.6.1. By manipulating the 'tpl_pgb_moddir' parameter in the URL, an attacker can include a malicious file (in this case, 'Shell.php') and execute arbitrary code on the target system.
Mitigation:
The recommended mitigation for this vulnerability is to update to a patched version of PostGuestbook or to disable the affected module.