Main Vulnerability Database Exploits ID:4683 - Exploit for PHP file inclusion in Textpattern CMS - CVE-2010-3205

ID:4683 - Exploit for PHP file inclusion in Textpattern CMS - CVE-2010-3205

Published: October 8, 2020

Vulnerability identifier: #VU47424

Vulnerability risk: High

CVE-ID: CVE-2010-3205

CWE-ID: CWE-98

Exploitation vector: Remote access

Vulnerable software:
Textpattern CMS

Link to public exploit:

https://www.exploit-db.com/exploits/14823/

Vulnerability description

The vulnerability allows a remote attacker to include and execute arbitrary PHP files on the server.

The vulnerability exists due to incorrect input validation passed via the "inc" HTTP parameter to index.php script. A remote non-authenticated attacker can send a specially crafted HTTP request to the affected application, include and execute arbitrary PHP code on the system with privileges of the web server.

Remediation

Install updates from vendor's website.

ID:4683 - Exploit for PHP file inclusion in Textpattern CMS - CVE-2010-3205

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human