Vendor: Privacy [Account Video Picture Books Record]
By: Vulnerability Laboratory Research Team
CVSS: 6,6 (HIGH)
Local File Include
CWE: 98
Product Name: Privacy [Account Video Picture Books Record]
Affected Version From: Privacy Pro v1.2 iOS
Affected Version To: Privacy Pro v1.2 iOS
Patch Exists: YES
Related CWE: N/A
CPE: a:huang_zhuan:privacy_account_video_picture_books_record:1.2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: iOS Mobile Web Application
2014
Privacy Pro v1.2 HZ iOS – File Include Web Vulnerability
A local file include web vulnerability has been discovered in the official Privacy Pro v1.2 iOS mobile web-application. The local file include web vulnerability allows remote attackers to include local files to compromise the web-application or connected system. The vulnerability is located in the `file` value of the `index.php` file. Remote attackers are able to inject their own malicious files to compromise the web-application or connected system.
Mitigation:
The vulnerability can be patched by securely parsing and encoding the vulnerable file parameter.