fuzzylime (cms) 'rss.php' Local File Include Vulnerability
BID:30103
Info
| Bugtraq ID: | 30103 |
| Class: | Input Validation Error |
| CVE: | CVE-2008-3165 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 05 2008 12:00AM |
| Updated: | May 07 2015 05:27PM |
| Credit: | Ams |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
'fuzzylime (cms)' is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary local files from the vulnerable computer in the context of the application and to execute malicious PHP code.
This issue affects fuzzylime (cms) 3.01a and 3.01; other versions may also be affected.
Exploit / POC
Attackers may exploit this vulnerability via a browser.
The following exploit code is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please email us at: [email protected].