ASCET Interactive Huski CMS 'i' Parameter Local File Include Vulnerability

ID SSV:86812
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00



Huski CMS is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the computer; other attacks are also possible. 

header('Content-Type: text/html; charset=utf-8');
// Data Includes
include_once "PHPLib/";
include_once "Data/dbConnection.class.php";
include_once "Data/dbConfig.class.php";
include_once "Data/dataAdapter.class.php";
include_once "Quicksite/Core/domxml.class.php";

// Quicksite Core Includes
include_once "Quicksite/Core/";

// Configuration
include_once "Quicksite/db.config.php";
include_once "inc/vars.config.php";

// Initialise the Site
$site = new Site($_VARS['site']);
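// Initialise the Page; the raw 'id' query parameter and the merged
// $_POST/$_GET arrays are passed to Page without validation here
$page = new Page($site, $_GET['id'], array_merge($_POST, $_GET));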

// Load plugin sources

// Create the Page

echo $page->Result;
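
One way to constrain a file-selecting request parameter before it reaches an include, as an added example that is not Huski CMS code and not part of the original advisory. The function name resolve_include(), the base directory, and the assumption that the parameter names a .php file in one fixed directory are hypothetical; the sample inputs are constructed.

```php
<?php
// Added example (not Huski CMS code): resolve a request parameter to an
// include path only if it stays inside one fixed directory.
// Hypothetical names: resolve_include(), $baseDir, the demo directory.

function resolve_include(string $baseDir, $param): ?string
{
    // Reject arrays (?i[]=x) and anything that is not a short identifier.
    // This rules out path separators, dots, NUL bytes and URL schemes.
    if (!is_string($param) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $param)) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }

    // Canonicalise and confirm containment, so a symlink inside the
    // directory cannot point the include somewhere else.
    $path = realpath($base . DIRECTORY_SEPARATOR . $param . '.php');
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

// Constructed demo: a temporary directory holding one legitimate page.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_' . getmypid();
@mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'home.php', "<?php // constructed page\n");

// Constructed inputs: one valid name, then values the check must refuse.
$samples = ['home', 'missing', '../home', '/tmp/home', "home\0", ['home']];
foreach ($samples as $value) {
    $resolved = resolve_include($dir, $value);
    printf("%-16s => %s\n", json_encode($value), $resolved === null ? 'rejected' : 'allowed');
}

unlink($dir . DIRECTORY_SEPARATOR . 'home.php');
rmdir($dir);
```

Only the first sample resolves; every other value returns null, and the caller should treat null as "do not include" rather than falling back to the raw parameter.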