Small-Cms 'hostname' Parameter Remote PHP Code Injection Vulnerability
BID:53703
Info
Small-Cms 'hostname' Parameter Remote PHP Code Injection Vulnerability
| Bugtraq ID: | 53703 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 26 2012 12:00AM |
| Updated: | May 26 2012 12:00AM |
| Credit: | L3b-r1'z |
| Vulnerable: |
Small-Cms Small-Cms 0 |
| Not Vulnerable: | |
Discussion
Small-Cms 'hostname' Parameter Remote PHP Code Injection Vulnerability
Small-Cms is prone to a remote PHP code-injection vulnerability.
An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying computer; other attacks are also possible.
Small-Cms is prone to a remote PHP code-injection vulnerability.
An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying computer; other attacks are also possible.
Exploit / POC
Small-Cms 'hostname' Parameter Remote PHP Code Injection Vulnerability
Attackers can exploit this issue using a browser.
The following exploit is available:
Attackers can exploit this issue using a browser.
The following exploit is available:
Solution / Fix
Small-Cms 'hostname' Parameter Remote PHP Code Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Small-Cms 'hostname' Parameter Remote PHP Code Injection Vulnerability
References:
References:
- Small-Cms Homepage (Small-Cms)