SineCMS Remote File Inclusion Vulnerability Network Vulnerability

Summary

This host is installed with SineCMS and is prone to Remote File Inclusion vulnerability.

Impact

Successful exploitation will allow attackers to obtain sensitive information and execute arbitrary code via crafetd URLs which upload malicious files. Impact Level: System/Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

This vulnerability arises because input passed to the 'sine[config][index_main]' parameter in 'mods/Integrated/index.php' is not sanitised before being used to include files.

Affected

SineCMS version 2.3.5 and prior.

References

http://secunia.com/advisories/28305
http://xforce.iss.net/xforce/xfdb/39446

Updated on 2017-03-28

Severity

Classification

CVE CVE-2008-7163

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Continuum Cross Site Scripting Vulnerability
Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
Ampache Reflected Cross Site Scripting Vulnerability
Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
Apache Struts Directory Traversal Vulnerability

Take action and discover your vulnerabilities