Vendor: TOWeLS
By: milw0rm.com
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: TOWeLS
Affected Version From: TOWeLS version 0.1
Affected Version To: TOWeLS version 0.1
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
TOWeLS version 0.1 (scripture.php) Remote File Inclusion Vulnerability
The vulnerability allows an attacker to include a remote file on the vulnerable server. In this case, the vulnerability exists in the scripture.php file of TOWeLS version 0.1. By manipulating the 'pageHeaderFile' parameter, an attacker can include a malicious file hosted on a remote server.
Mitigation:
The vulnerability can be mitigated by properly validating and sanitizing user input before including files. It is recommended to update to a patched version of the software if available.
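One way to apply the validation described above, as an added example that is not TOWeLS code: the request value is treated as a key into a fixed allowlist, so it never reaches `include` as a path or URL. The function name, header keys, file names, directory layout and the use of `$_GET` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not TOWeLS source. Keys, file names and paths are hypothetical.
// Defence in depth: keep allow_url_include = Off in php.ini so include()
// refuses URL wrappers even if a check like this one is missed somewhere.

const HEADER_DIR = __DIR__ . '/headers';

// The request supplies a short key; only the server decides the file name.
const HEADER_FILES = [
    'default' => 'default_header.php',
    'print'   => 'print_header.php',
];

/**
 * Turn an untrusted request value into a path that is safe to include.
 * Returns null when the value is not a known key or the file is missing.
 */
function resolve_header_file($requested): ?string
{
    // Arrays (?pageHeaderFile[]=x) and other non-strings are rejected outright.
    if (!is_string($requested) || !array_key_exists($requested, HEADER_FILES)) {
        return null;
    }

    $base = realpath(HEADER_DIR);
    $path = realpath(HEADER_DIR . '/' . HEADER_FILES[$requested]);

    // realpath() returns false for missing files; the prefix check also
    // rejects a symlink that points outside the header directory.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Assumption: the parameter arrives in the query string.
$headerFile = resolve_header_file($_GET['pageHeaderFile'] ?? 'default');
if ($headerFile === null) {
    http_response_code(400);
    exit('Unknown page header');
}
include $headerFile;
```

A value such as a full URL or a `../` path is simply not a key in `HEADER_FILES`, so it is rejected before any filesystem or network access happens.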