F3Site 'GLOBALS[nlang]' Parameter Multiple Local File Include Vulnerabilities Network Vulnerability

Summary

The host is running F3Site and is prone to multiple local file include Vulnerabilities.

Impact

Successful exploitation could allow remote attackers to obtain sensitive information or execute arbitrary code on the vulnerable Web Server. Impact Level: Application.

Solution

Upgrade to F3Site 2010 or later, For updates refer to http://dhost.info/compmaster/index.php

Insight

The flaw is due to error in 'mod/poll.php' and 'mod/new.php' which are not properly sanitising user supplied input data via 'GLOBALS[nlang]' parameter.

Affected

F3Site 2009 and prior.

References

http://www.exploit-db.com/exploits/10536
http://xforce.iss.net/xforce/xfdb/54908

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4435

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Tomcat Directory Listing and File disclosure
AdaptCMS 'init.php' Remote File Include Vulnerability
Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
/cgi-bin directory browsable ?
Aker Secure Mail Gateway Cross-Site Scripting Vulnerability

Take action and discover your vulnerabilities