fuzzylime (cms) 'blog.php' Local File Include Vulnerability
BID:30121
Info
fuzzylime (cms) 'blog.php' Local File Include Vulnerability
| Bugtraq ID: | 30121 |
| Class: | Input Validation Error |
| CVE: |
CVE-2008-3164 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 07 2008 12:00AM |
| Updated: | May 07 2015 05:27PM |
| Credit: | Cod3rZ |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
fuzzylime (cms) 'blog.php' Local File Include Vulnerability
'fuzzylime (cms)' is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to execute arbitrary local script code. This can allow the attacker to obtain sensitive information that may aid in further attacks.
This issue affects fuzzylime (cms) 3.01a; other versions may also be affected.
'fuzzylime (cms)' is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to execute arbitrary local script code. This can allow the attacker to obtain sensitive information that may aid in further attacks.
This issue affects fuzzylime (cms) 3.01a; other versions may also be affected.
Exploit / POC
fuzzylime (cms) 'blog.php' Local File Include Vulnerability
Attackers may exploit this vulnerability via a browser.
The following proof-of-concept code is available:
Attackers may exploit this vulnerability via a browser.
The following proof-of-concept code is available:
Solution / Fix
fuzzylime (cms) 'blog.php' Local File Include Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please email us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please email us at: [email protected].
References
fuzzylime (cms) 'blog.php' Local File Include Vulnerability
References:
References: