vendor:
ViArt CMS
by:
RoMaNcYxHaCkEr
N/A
CVSS
HIGH
Remote File Inclusion
CWE
Product Name: ViArt CMS
Affected Version From: ViArt CMS 3.3.2
Affected Version To: ViArt CMS 3.3.2
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
ViArt CMS 3.3.2 Remote File Include
The ViArt CMS 3.3.2 version is vulnerable to remote file inclusion. The vulnerability exists in the 'block_site_map.php' file, where it fails to properly validate user-supplied input before including a file. An attacker can exploit this vulnerability by sending a specially crafted request with a malicious URL to execute arbitrary code on the target system.
Mitigation:
To mitigate this vulnerability, it is recommended to update to a newer version of ViArt CMS that has addressed this issue. Alternatively, ensure that user input is properly validated and sanitized before including files.