vendor:
RSS-aggregator
by:
Ghost Hacker [ R-H TeaM ]
7.5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: RSS-aggregator
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
RSS-aggregator (display) Remote File Inclusion Vulnerability
An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This request contains a maliciously crafted parameter value that is used to include a malicious file from a remote location. This malicious file contains malicious code that is executed on the vulnerable server.
Mitigation:
Input validation should be used to prevent the inclusion of malicious files. The application should also be configured to only include files from trusted locations.
