Textpattern CMS 'index.php' Remote File Inclusion Vulnerability Network Vulnerability

Summary

This host is running Textpattern and is prone to remote file inclusion vulnerability.

Impact

Successful exploitation will allow attacker to execute arbitrary code on the vulnerable Web server. Impact Level: Application.

Solution

Upgrade to version 4.3.0 or later, For updates refer to http://textpattern.com/download

Insight

The flaw is due to an error in 'index.php', which is not properly sanitizing user-supplied data via 'inc' parameter. This allows an attacker to include arbitrary files.

Affected

Textpattern CMS version 4.2.0

References

http://packetstormsecurity.org/1008-exploits/textpattern-rfi.txt
http://www.exploit-db.com/exploits/14823/
http://xforce.iss.net/xforce/xfdb/61475

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3205

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Tomcat Windows Installer Privilege Escalation Vulnerability
AjaXplorer zoho plugin Directory Traversal Vulnerability
AlefMentor Multiple SQL Injection Vulnerabilities
A-Blog 'sources/search.php' SQL Injection Vulnerability
Alchemy Eye HTTP Command Execution

Take action and discover your vulnerabilities