vendor:
by: 3l3ctric-Cracker (Dr Max Virus)
CVSS: 5.5 (MEDIUM)
Bug
CWE
Product Name:
Affected Version From: 1.5
Affected Version To: 1.5
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Yaap
The Yaap script is affected by a bug in the include_once call in common.php. By manipulating the 'root_path' parameter in the URL, an attacker can execute arbitrary shell code.
Mitigation:
The vendor should release a patch to fix the bug and validate user input properly to prevent arbitrary code execution.