vendor:
Ripe Website Manager
by:
BlackNDoor
7.5
CVSS
HIGH
Remote File Include
CWE
Product Name: Ripe Website Manager
Affected Version From: v0.8.9 and below
Affected Version To: v0.8.9
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Ripe Website Manager Remote File Include Vulnerability
The Ripe Website Manager script (version <= v0.8.9) is vulnerable to remote file inclusion. The vulnerability can be exploited by including arbitrary files via the 'level' parameter in the 'author_panel_header.php' and 'admin_header.php' scripts. An attacker can craft a malicious URL and execute arbitrary code on the target system.
Mitigation:
To mitigate this vulnerability, it is recommended to update the Ripe Website Manager script to a version higher than v0.8.9 or apply any available patches or fixes provided by the vendor.
