Mafia Scum Tools Index.PHP Remote File Include Vulnerability

Bugtraq ID:	22151
Class:	Input Validation Error
CVE:	CVE-2007-0501
Remote:	Yes
Local:	No
Published:	Jan 21 2007 12:00AM
Updated:	May 12 2015 07:35PM
Credit:	Dr.Pantagon is credited with the discovery of this vulnerability.
Vulnerable:	Mafia Scum Tools Mafia Scum Tools 2.0
Not Vulnerable:

Mafia Scum Tools Index.PHP Remote File Include Vulnerability

Mafia Scum Tools is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer in the context of the affected application.

Mafia Scum Tools version 2.0.0 is vulnerable to this issue.

Mafia Scum Tools Index.PHP Remote File Include Vulnerability

Attackers can exploit this issue using a web client.

The following proof of concept is available:

• /data/vulnerabilities/exploits/mafia-2-0-0.pl

Mafia Scum Tools Index.PHP Remote File Include Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Mafia Scum Tools Index.PHP Remote File Include Vulnerability

References:

• Vendor HomePage (Mafia Scum Tools)