header-logo
Suggest Exploit
vendor:
basicFramework
by:
7.5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: basicFramework
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE: basicframework
Metasploit:
Other Scripts:
Platforms Tested:

Remote File Inclusion Vulnerability in basicFramework

basicFramework is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Mitigation:

To mitigate this vulnerability, ensure that all user-supplied input is properly sanitized and validated before being used in file inclusion operations. Additionally, it is recommended to restrict access to sensitive files and directories, and keep all software and plugins up to date with the latest security patches.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/26194/info

basicFramework is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects basicFramework 1.0; other versions may also be vulnerable. 

http://www.example.com/includes.php?root=[shell]

Navigation

Suggest Exploit

Services By CQR

cqrsecured