Fuzzylime Cms Code/track.php Local File Inclusion Vulnerability Network Vulnerability

Summary

The host is running fuzzylime CMS and is prone to Local File Inclusion vulnerability.

Impact

Successful exploitation will cause inclusion and execution of arbitrary files from local resources via directory traversal attacks. Impact Level: Application

Solution

Update to fuzzylime cms version 3.03a or later, For updates refer to http://cms.fuzzylime.co.uk/st/front/index/

Insight

The flaw is caused due improper handling of input passed to p parameter in code/track.php file when the url, title and excerpt form parameters are set to non-null values.

Affected

fuzzylime cms version 3.03 and prior.

References

http://secunia.com/advisories/32865

Updated on 2017-03-28

Severity

Classification

CVE CVE-2008-5291
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Atlassian JIRA FishEye and Crucible Plugins XML Parsing Unspecified Security Vulnerability
Adiscon LogAnalyzer Multiple SQL Injection and XSS Vulnerabilities
68designs 68kb Multiple Remote File Include Vulnerabilities
Adobe ColdFusion Information Disclosure Vulnerability
Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities

fuzzylime cms code/track.php Local File Inclusion Vulnerability

Take action and discover your vulnerabilities