Vulners
Lucene search
ResourceSpace 7.1.6513 Local File Inclusion Vulnerability
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | ResourceSpace Native PHP File Inclusion Vulnerability | 3 Jun 201500:00 | – | cnvd |
 | CVE-2015-3648 | 9 Jun 201514:00 | – | cve |
 | CVE-2015-3648 | 9 Jun 201514:00 | – | cvelist |
 | Local PHP File Inclusion in ResourceSpace | 6 May 201500:00 | – | htbridge |
 | ResourceSpace - Local File inclusion | 8 Jun 202604:09 | – | nuclei |
 | CVE-2015-3648 | 9 Jun 201514:59 | – | nvd |
 | ResourceSpace 7.1.6513 Local File Inclusion | 3 Jun 201500:00 | – | packetstorm |
 | Directory traversal | 9 Jun 201514:59 | – | prion |
 | Local PHP File Inclusion in ResourceSpace | 8 Jun 201500:00 | – | securityvulns |
| Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | 8 Jun 201500:00 | – | securityvulns |
10
Product: ResourceSpace
Vendor: Montala Limited
Vulnerable Version(s): 7.1.6513 and probably prior
Tested Version: 7.1.6513
Advisory Publication: May 6, 2015 [without technical details]
Vendor Notification: May 6, 2015
Vendor Patch: June 1, 2015
Public Disclosure: June 3, 2015
Vulnerability Type: PHP File Inclusion [CWE-98]
CVE Reference: CVE-2015-3648
Risk Level: High
CVSSv2 Base Score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge Security Research Lab discovered vulnerability in ResourceSpace, which can be exploited to include arbitrary local PHP file, execute PHP code, and compromise vulnerable web application and even entire web server on which the application is hosted.
The vulnerability exists due to the absence of filtration of the "defaultlanguage" HTTP GET parameter received from the user before including PHP file using the "include()" PHP function in "/pages/setup.php" script. The installation script "/pages/setup.php" remains on the system after installation by default and is remotely accessible to non-authenticated users.
A simple PoC below includes a local file "/tmp/file.php":
http://[host]/pages/setup.php?defaultlanguage=../../../../../tmp/file
-----------------------------------------------------------------------------------------------
Solution:
Update to ResourceSpace 7.2.6727
More Information:
http://svn.montala.com/websvn/revision.php?repname=ResourceSpace&path=%2F&rev=6640&peg=6738
# 0day.today [2018-01-02] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Jun 2015 00:00Current
6.3Medium risk
Vulners AI Score6.3
EPSS0.51684