#VU47424 PHP file inclusion in Textpattern CMS - CVE-2010-3205

Cybersecurity Help s.r.o.

Published: 2010-09-03 | Updated: 2020-10-18

Vulnerability identifier: #VU47424

Vulnerability risk: High

CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2010-3205

CWE-ID: CWE-98

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Textpattern CMS
Web applications / CMS

Vendor: Textpattern

Description

The vulnerability allows a remote attacker to include and execute arbitrary PHP files on the server.

The vulnerability exists due to incorrect input validation passed via the "inc" HTTP parameter to index.php script. A remote non-authenticated attacker can send a specially crafted HTTP request to the affected application, include and execute arbitrary PHP code on the system with privileges of the web server.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Textpattern CMS: 4.2.0

External links
https://packetstormsecurity.org/1008-exploits/textpattern-rfi.txt
https://www.exploit-db.com/exploits/14823
https://exchange.xforce.ibmcloud.com/vulnerabilities/61475

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

PHP file inclusion in Textpattern CMS