BID:26143

ReloadCMS Index.PHP Local File Include Vulnerability

Info

ReloadCMS Index.PHP Local File Include Vulnerability

Bugtraq ID:	26143
Class:	Input Validation Error
CVE:	CVE-2007-5650
Remote:	Yes
Local:	No
Published:	Oct 20 2007 12:00AM
Updated:	May 07 2015 05:34PM
Credit:	[email protected] is credited with the discovery of this vulnerability.
Vulnerable:	ReloadCMS ReloadCMS 1.2.5

Not Vulnerable:

Discussion

ReloadCMS Index.PHP Local File Include Vulnerability

ReloadCMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to execute local scripts or to view arbitrary files that may contain sensitive information that can aid in further attacks.

Exploit / POC

ReloadCMS Index.PHP Local File Include Vulnerability

Attackers can exploit this issue via a browser.

The following proof-of-concept URI is available:

http://www.example.com/index.php?module=../../../../etc/passwd

Solution / Fix

ReloadCMS Index.PHP Local File Include Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

ReloadCMS Index.PHP Local File Include Vulnerability

References:

ReloadCMS Home Page (ReloadCMS)
ReloadCMS Vulnerable ([email protected])