Sitellite.CMS.Bug559668.PHP.File.Inclusion
Description
Sitellite CMS has a remote file inclusion vulnerability. A remote attacker could execute arbitrary script on a vulnerable web server with the privileges of the server. This vulnerability can be exploited by sending a specially crafted URL request to the 'bug-559668.php' script, using the 'FORUM[LIB]' parameter to specify a malicious PHP file from a remote system.
Affected Products
Sitellite CMS version 4.2.12 and prior.
Impact
System compromise.
Recommended Actions
Currently we are not aware of any official supplied fix for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2020-12-11 | 16.978 |