DM FileManager 'album.php' Remote File Inclusion Vulnerability Network Vulnerability

Summary

The host is running DM FileManager and is prone to remote File Inclusion vulnerability.

Impact

Successful exploitation will let the remote attacker execute arbitrary PHP code, and can include arbitrary file from local or external resources when register_globals is enabled. Impact Level: Application

Solution

Apply Security patch from below link, http://www.dutchmonkey.com/?file=products/dm-albums/download_form.html

Insight

Error exists when input passed to the 'SECURITY_FILE' parameter in 'album.php' in 'dm-albums/template/' directory is not properly verified before being used to include files.

Affected

DutchMonkey, DM FileManager version 3.9.4 and prior

References

http://secunia.com/advisories/35622
http://www.securityfocus.com/bid/35521/exploit

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-2399
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities
Apache Tomcat Multiple Vulnerabilities June-09
Advanced Image Hosting Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities