Artmedic CMS Index.PHP Local File Include Vulnerability
BID:26090
Info
Artmedic CMS Index.PHP Local File Include Vulnerability
| Bugtraq ID: | 26090 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-5489 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 16 2007 12:00AM |
| Updated: | Oct 31 2007 07:36PM |
| Credit: | iNs is credited with the discovery of this vulnerability. |
| Vulnerable: |
artmedic webdesign Artmedic CMS 3.5 |
| Not Vulnerable: | |
Discussion
Artmedic CMS Index.PHP Local File Include Vulnerability
Artmedic CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
Exploiting this issue may allow an unauthorized user to execute local scripts or to view arbitrary files that may contain sensitive information that can aid in further attacks.
Artmedic CMS 3.5 is vulnerable to this issue; other versions may also be affected.
Artmedic CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
Exploiting this issue may allow an unauthorized user to execute local scripts or to view arbitrary files that may contain sensitive information that can aid in further attacks.
Artmedic CMS 3.5 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
Artmedic CMS Index.PHP Local File Include Vulnerability
Attackers can exploit this issue via a browser.
The following proof-of-concept URIs are available:
http://www.example.com/index.php?page=[LFI]
http://www.example.com/cms/index.php?page=[LFI]
Attackers can exploit this issue via a browser.
The following proof-of-concept URIs are available:
http://www.example.com/index.php?page=[LFI]
http://www.example.com/cms/index.php?page=[LFI]
Solution / Fix
Artmedic CMS Index.PHP Local File Include Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
Artmedic CMS Index.PHP Local File Include Vulnerability
References:
References:
- Artmedic CMS Homepage (artmedic webdesign)