
Test ID: 1.3.6.1.4.1.25623.1.0.900584
Category: Web application abuses
Title: Fuzzylime(cms) RCE Vulnerability
Summary: Fuzzylime(cms) is prone to a remote code execution (RCE) vulnerability.
Description:
Summary:
Fuzzylime(cms) is prone to a remote code execution (RCE) vulnerability.

Vulnerability Insight:
The flaws are due to:

- Data passed to the 'list' parameter in code/confirm.php and to the
'template' parameter in code/display.php is not properly verified
before being used to include files.

- Input passed to the 's' parameter in code/display.php is not properly
verified before being used to write to a file.

Vulnerability Impact:
Successful exploitation will allow an attacker to include and execute
arbitrary files from local and external resources, and to gain sensitive
information about remote system directories when magic_quotes_gpc is disabled.

Affected Software/OS:
Fuzzylime(cms) version 3.03a and prior.

Solution:
Upgrade to fuzzylime 3.03b or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2009-2176
BugTraq ID: 35418
http://www.securityfocus.com/bid/35418
https://www.exploit-db.com/exploits/8978
http://osvdb.org/55182
http://osvdb.org/55183
http://secunia.com/advisories/35489
XForce ISS Database: fuzzylimecms-confirm-display-file-include(51205)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51205
Common Vulnerability Exposure (CVE) ID: CVE-2009-2177
http://osvdb.org/55184
XForce ISS Database: fuzzylimecms-display-file-overwrite(51206)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51206
Copyright: Copyright (C) 2009 Greenbone AG
