Free Directory Script 'API_HOME_DIR' File Inclusion Vulnerability Network Vulnerability

Summary

This host is installed with Free Directory Script and is prone to File Inclusion Vulnerability.

Impact

Successful exploitation will let the attacker add, modify or delete files from the server and can let the attacker install trojans or backdoors. Impact Level: Application

Solution

No patch is available as on 24th November, 2008.

Insight

The Error occurs when passing an input parameter into the 'API_HOME_DIR' in 'init.php' file which is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

Affected

Free Directory Script version 1.1.1 and prior. Workaround: Edit the source code to ensure that input is properly verified.

References

http://secunia.com/advisories/32745

Updated on 2017-03-28

Severity

Classification

CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability
b2Evolution title SQL Injection
Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities
Avenger's News System Command Execution
A-A-S Application Access Server Multiple Vulnerabilities

Take action and discover your vulnerabilities