CVE-2010-1266

EPSS 2.9%

Multiple PHP remote file inclusion vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) template, (2) menu, (3) events, and (4) SITEROOT parameters to template/babyweb/index.php; the (5) modules and (6) copyright parameters to template/calm/footer.php; the (7) menu parameter to template/calm/top.php; and the (8) modules, (9) copyright, and (10) menu parameters to template/wm025/footer.php.

Affected products

n/a · n/a

public PoCs found — 3

cve_referencepacketstormsecurity.org/1003-exploits/webmaid-rfilfi.txtunverified cve_referencewww.exploit-db.com/exploits/11831unverified exploitdbwww.exploit-db.com/exploits/11831unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://inj3ct0r.com/exploits/11394 http://packetstormsecurity.org/1003-exploits/webmaid-rfilfi.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/57059 http://www.exploit-db.com/exploits/11831 http://www.securityfocus.com/bid/38993 http://www.vupen.com/english/advisories/2010/0674