ISS X-Force Database: smartsite-multiple-scripts-file-include(27425): SmartSiteCMS multiple scripts file include

SmartSiteCMS multiple scripts file include

smartsite-multiple-scripts-file-include (27425)

Medium Risk

Description:

SmartSiteCMS could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request to comment.php script, admin/test.php script, admin/index.php script, admin/include/inc_adminfoot.php script or the admin/comedit.php script using the 'root' parameter to specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable system.

Consequences:

Gain Access

Remedy:

No remedy available as of February 6, 2010.

References:

BugTraq Mailing List, Tue Jun 27 2006 - 18:00:17 CDT : smartsite cms v1.0 Remote File include.
SmartSite CMS Web site: SmartSite CMS v1.0.
BID-18628: SmartSiteCMS Inc_Foot.PHP Remote File Include Vulnerability
BID-18697: SmartSiteCMS Multiple Remote File Include Vulnerabilities
CVE-2006-3162: PHP remote file inclusion vulnerability in include/inc_foot.php in SmartSiteCMS 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
CVE-2006-3421: PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the root parameter in (1) comment.php, (2) admin/comedit.php, (3) admin/test.php, (4) admin/index.php, and (5) admin/include/inc_adminfoot.php, a different set of vectors than CVE-2006-3162.
OSVDB ID: 26748: SmartSiteCMS comment.php root Variable Remote File Inclusion
OSVDB ID: 26749: SmartSiteCMS admin/test.php root Variable Remote File Inclusion
OSVDB ID: 26750: SmartSiteCMS admin/index.php root Variable Remote File Inclusion
OSVDB ID: 26751: SmartSiteCMS admin/include/inc_adminfoot.php root Variable Remote File Inclusion
OSVDB ID: 26752: SmartSiteCMS admin/comedit.php root Variable Remote File Inclusion
SA20769: SmartSiteCMS Authentication Bypass and File Inclusion
SECTRACK ID: 1016411: SmartSiteCMS `root` Parameter Include File Bug Lets Remote Users Execute Arbitrary Code
VUPEN/ADV-2006-2478: SmartSiteCMS root Parameter Handling Remote PHP File Inclusion Vulnerability

Platforms Affected:

Lobsterweb Design Services SmartSiteCMS 1.0

Reported:

Jun 27, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page