vendor:
micro cms
by:
CeNGiZ-HaN
8.8
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: micro cms
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006
Remote File Inclusion in micro cms www.impliedbydesign.com
A remote file inclusion vulnerability exists in micro cms www.impliedbydesign.com. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This request contains a URL in the microcms_path parameter that points to a malicious file on a remote server. The vulnerable server then includes and executes the remote file, resulting in arbitrary code execution on the vulnerable server.
Mitigation:
The best way to mitigate this vulnerability is to validate user input and filter out any malicious code. Additionally, the application should be configured to only allow access to files that are necessary for the application to function properly.