vendor:
NuSEO PHP Enterprise
by:
BiNgZa
7.5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: NuSEO PHP Enterprise
Affected Version From: NuSEO PHP Enterprise.v1.6
Affected Version To: NuSEO PHP Enterprise.v1.6
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Remote File Inclusion in NuSEO PHP Enterprise.v1.6
The vulnerability is present in the file /NuSEO PHP Enterprise.v1.6 Nulled by DGT/NuSEO.PHP.Enterprise.v1.6.PHP.NULL-DGT/nuseo/admin/nuseo_admin_d.php. By manipulating the 'nuseo_dir' parameter in the URL, an attacker can include remote files from a different server, potentially leading to arbitrary code execution.
Mitigation:
To mitigate this vulnerability, it is recommended to sanitize and validate user input before including files. Additionally, it is advised to avoid using remote file inclusion altogether.
