Sitellite.CMS.Bug559668.PHP.File.Inclusion

description-logoDescription

Sitellite CMS has a remote file inclusion vulnerability. A remote attacker could execute arbitrary script on a vulnerable web server with the privileges of the server. This vulnerability can be exploited by sending a specially crafted URL request to the 'bug-559668.php' script, using the 'FORUM[LIB]' parameter to specify a malicious PHP file from a remote system.

affected-products-logoAffected Products

Sitellite CMS version 4.2.12 and prior.

Impact logoImpact

System compromise.

recomended-action-logoRecommended Actions

Currently we are not aware of any official supplied fix for this issue.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-12-11 16.978