Fuzzylime (cms) Remote Code Execution Vulnerability (CVE-2009-2176, CVE-2009-2177)

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

Fuzzylime (cms) is prone to a remote code execution (RCE) vulnerability.

Risk description

The flaws are due to:
- Data passed to the list parameter in code/confirm.php and to the template parameter in code/display.php is not properly verified before being used to include files.
- Input passed to the s parameter in code/display.php is not properly verified before being used to write to a file.

Successful exploitation will allow an attacker to include and execute arbitrary files from local and external resources, and to gain sensitive information about remote system directories when magic_quotes_gpc is disabled.

Recommendation

Upgrade to fuzzylime 3.03b or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jun 23, 2009
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available