11in1 CMS 1.2.1 – ‘index.php?class’ Traversal Local File Inclusion

Exploit Database
16 阅读

作者： High-Tech Bridge SA

日期： 2012-02-15
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/36784/

source: https://www.securityfocus.com/bid/52025/info

11in1 is prone to a cross-site request-forgery and a local file include vulnerability.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and open or run arbitrary files in the context of the affected application.

11in1 1.2.1 is vulnerable; other versions may also be affected. 

http://www.example.com/index.php?class=../../../tmp/file%00

last Exploits
11in1 CMS 1.2.1 – ‘index.php?class’ Traversal Local File Inclusion的更多信息

Atlassian Confluence AppFusions Doxygen 1.3.0 – Directory Traversal：
KikChat – Local File Inclusion / Remote Code Execution：
WordPress Plugin Supsystic Contact Form 1.7.18 – ‘label’ Stored Cross-Site Scripting (XSS)：
Spring Cloud Gateway 3.1.0 – Remote Code Execution (RCE)：
Anuko Time Tracker 1.19.23.5325 – CSV/Formula Injection：
PHP-Fusion – Remote Command Execution：
Piwigo 2.6.1 – Cross-Site Request Forgery：
ThinkAdmin 6 – Arbitrarily File Read：