Community CMS 'include.php' Remote File Include Vulnerability

Bugtraq ID:	30275
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jul 17 2008 12:00AM
Updated:	Jul 17 2008 12:00AM
Credit:	N3TR00T3R
Vulnerable:	Community CMS Community CMS 0.1
Not Vulnerable:

Community CMS 'include.php' Remote File Include Vulnerability

Community CMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

Community CMS 0.1 is vulnerable; other versions may also be affected.

Community CMS 'include.php' Remote File Include Vulnerability

An attacker can exploit this issue via a browser.

The following exploit code is available:

• /data/vulnerabilities/exploits/30275.php

Community CMS 'include.php' Remote File Include Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Community CMS 'include.php' Remote File Include Vulnerability

References:

• Community CMS Homepage (Community CMS)
  
• communitycms-0.1 Remote File Inclusion ([email protected])