Campsite 'g_campsiteDir' Remote And Local File Inclusion Vulnerabilities Network Vulnerability

Summary

This host is running Campsite and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow attacker to execute arbitrary local files, and cause XSS attack, Directory Traversal attack and remote File Injection attack on the affected application. Impact Level: Application

Solution

Upgrade to Campsite version 3.3.6 or later For updates refer to http://campware.org/

Insight

The multiple flaws are due to, - Input validation errors in the 'admin-files','conf/liveuser_configuration.php' 'include/phorum_load.php',scripts when processing the 'g_campsiteDir' parameter. - Input validation error in the 'admin-files/templates/list_dir.php' script when,processing the 'listbasedir' parameter.

Affected

Campware, Campsite version 3.3.0 RC1 and prior

References

http://www.vupen.com/english/advisories/2009/1650

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-2181, CVE-2009-2182, CVE-2009-2183
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Admin News Tools Multiple Vulnerabilities
Apache Tomcat /servlet Cross Site Scripting
Arkeia Appliance Path Traversal Vulnerability
Acidcat CMS Multiple Vulnerabilities
AdaptBB Multiple Input Validation Vulnerabilities

Campsite 'g_campsiteDir' Remote and Local File Inclusion Vulnerabilities

Take action and discover your vulnerabilities