Jupiter CMS Index.PHP Local File Include Vulnerability
BID:17716
Info
Jupiter CMS Index.PHP Local File Include Vulnerability
| Bugtraq ID: | 17716 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 27 2006 12:00AM |
| Updated: | Apr 27 2006 09:10PM |
| Credit: | Hamid Ebadi is credited with the discovery of this vulnerability. |
| Vulnerable: |
Jupiter CMS Jupiter CMS 1.1.5 Jupiter CMS Jupiter CMS 1.1.4 |
| Not Vulnerable: | |
Discussion
Jupiter CMS Index.PHP Local File Include Vulnerability
Jupiter CMS is prone to a local file-include vulnerability. This may allow unauthorized users to view files and to execute local scripts.
An attacker may also be able to execute arbitrary code by way of uploaded avatars.
Version 1.1.5 and prior are vulnerable to this issue.
Jupiter CMS is prone to a local file-include vulnerability. This may allow unauthorized users to view files and to execute local scripts.
An attacker may also be able to execute arbitrary code by way of uploaded avatars.
Version 1.1.5 and prior are vulnerable to this issue.
Exploit / POC
Jupiter CMS Index.PHP Local File Include Vulnerability
This issue can be exploited through a web client.
The following proof-of-concept URI is available:
This issue can be exploited through a web client.
The following proof-of-concept URI is available:
Solution / Fix
Jupiter CMS Index.PHP Local File Include Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
Jupiter CMS Index.PHP Local File Include Vulnerability
References:
References:
- Jupiter CMS Web Site (Jupiter CMS)