Vendor: GestArt
By: Dj7xpl
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: GestArt
Affected Version From:
Affected Version To:
Patch Exists: No
Related CWE:
CPE:
Platforms Tested:
Remote File Inclusion Exploit in GestArt
The GestArt portal is vulnerable to Remote File Inclusion. The 'aide.php' script includes a file based on user input without proper validation, allowing an attacker to include arbitrary files from a remote server. This can lead to remote code execution and compromise the target system.
Mitigation:
To mitigate this vulnerability, the developer should validate and sanitize user input before including files. It is also recommended to restrict file inclusion to specific directories and avoid including files from remote servers.
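A sketch of the mitigation described above, as an added example that is not GestArt's own code: the request value is used only as a key into a fixed allowlist, and the resolved path is confirmed to sit inside one local directory before it is included. The parameter name `page`, the directory `help_pages` and the listed file names are assumptions, since the advisory does not give the script's internals.

```php
<?php
declare(strict_types=1);

// Hypothetical hardened loader for a script like aide.php (added example).
// Assumed names: the "page" parameter, the help_pages directory, the file names.
// Server-side complement: keep allow_url_include = Off in php.ini so that
// include/require cannot fetch URL wrappers at all.

const HELP_DIR = __DIR__ . '/help_pages';

// Allowlist: request key => file name that must exist under HELP_DIR.
const HELP_PAGES = [
    'index'   => 'index.php',
    'install' => 'install.php',
    'faq'     => 'faq.php',
];

/**
 * Map a request key to an absolute local path, or null if it is not allowed.
 * User input never becomes part of the path; it only selects an entry.
 */
function resolve_help_page(?string $requested): ?string
{
    if ($requested === null || !array_key_exists($requested, HELP_PAGES)) {
        return null;
    }
    $base = realpath(HELP_DIR);
    $path = realpath(HELP_DIR . '/' . HELP_PAGES[$requested]);
    if ($base === false || $path === false) {
        return null; // directory or file missing on disk
    }
    // Defence in depth: after symlink resolution the file must still be
    // inside the base directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Reject non-string input (e.g. page[]=x) and fall back to the default page.
$key  = isset($_GET['page']) && is_string($_GET['page']) ? $_GET['page'] : 'index';
$file = resolve_help_page($key);
if ($file === null) {
    http_response_code(404);
    exit('Unknown help page');
}
include $file;
```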