Summary
The host is running F3Site and is prone to multiple local file include Vulnerabilities.
Impact
Successful exploitation could allow remote attackers to obtain sensitive information or execute arbitrary code on the vulnerable Web Server.
Impact Level: Application.
Solution
Upgrade to F3Site 2010 or later,
For updates refer to http://dhost.info/compmaster/index.php
Insight
The flaw is due to error in 'mod/poll.php' and 'mod/new.php' which are not properly sanitising user supplied input data via 'GLOBALS[nlang]' parameter.
Affected
F3Site 2009 and prior.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2009-4435 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
- Apache Archiva Multiple Vulnerabilities
- Apache Tomcat source.jsp malformed request information disclosure
- AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
- Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability