vendor:
WebBuilder
by:
GolD_M (Mahmnood_ali)
7.5
CVSS
HIGH
Remote File Include
CWE
Product Name: WebBuilder
Affected Version From: WebBuilder <= 2.0
Affected Version To: WebBuilder <= 2.0
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
WebBuilder <= 2.0 Remote File Include Vulnerability
The WebBuilder version 2.0 is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by including a malicious file using the 'GLOBALS[core][module_path]' parameter in the StageLoader.php file. This allows the attacker to execute arbitrary code on the affected system.
Mitigation:
Update to a patched version of WebBuilder or apply appropriate security measures to prevent remote file inclusion attacks.