AEwebworks Dating Software AeDating Index.PHP Local File Include Vulnerability
BID:13108
Info
| Bugtraq ID: | 13108 |
| Class: | Input Validation Error |
| CVE: | CVE-2005-1083 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 12 2005 12:00AM |
| Updated: | Jul 12 2009 12:56PM |
| Credit: | Discovery is credited to dionisio. |
| Vulnerable: | AEwebworks Dating Software aeDating 3.2 |
| Not Vulnerable: | |
Discussion
aeDating is prone to a local file include vulnerability.
The problem presents itself when an attacker passes the location of a potentially malicious local script through a parameter of the 'index.php' script.
An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the Web server process. This may potentially facilitate unauthorized access.
It should be noted that this issue may also be leveraged to read arbitrary files on an affected computer with the privileges of the Web server.
aeDating 3.2 and prior are affected by this issue.
Exploit / POC
An exploit is not required.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
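In the absence of a vendor patch, the class of flaw described above is normally closed by never letting a request value reach include/require as a path. The following is an added example, not aeDating source code or a vendor fix; the 'page' parameter name, the templates directory and the allowlist entries are hypothetical, since the advisory does not name the affected parameter.

```php
<?php
// Added illustration of a hardened include; not aeDating code.
// TEMPLATE_DIR, ALLOWED_PAGES and the 'page' parameter are hypothetical.
declare(strict_types=1);

const TEMPLATE_DIR  = __DIR__ . '/templates';
const ALLOWED_PAGES = ['home', 'search', 'profile'];

/**
 * Map a request value to a file that may be included.
 * Returns the canonical path, or null when the request is rejected.
 */
function resolve_page(?string $requested): ?string
{
    // 1. Exact allowlist match: the request selects a name, never a path.
    if ($requested === null || !in_array($requested, ALLOWED_PAGES, true)) {
        return null;
    }

    // 2. Defence in depth: canonicalise and confirm containment, so a
    //    symlink or a careless allowlist entry cannot leave TEMPLATE_DIR.
    $base = realpath(TEMPLATE_DIR);
    $path = realpath(TEMPLATE_DIR . '/' . $requested . '.php');
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null; // resolved outside the template directory
    }
    return $path;
}

// Query parameters can arrive as arrays; accept strings only.
$raw  = $_GET['page'] ?? null;
$page = resolve_page(is_string($raw) ? $raw : null);

if ($page === null) {
    http_response_code(404);
    // json_encode keeps control characters out of the log line.
    error_log('rejected include request: ' . json_encode($raw));
    exit;
}

require $page;
```

Running the Web server process with the least filesystem privileges it needs limits what a missed include path can read or execute.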
References
References:
- aeDating Product Page (AEwebworks Dating Software)