CVE-2010-4878
Published 2011-10-07
Priority: P3 · 49 · high · CVSS 2.0 base score: 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit: yes
EPSS: 2.10% (79.3rd percentile)
PHP remote file inclusion vulnerability in formmailer.php in Kontakt Formular 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hinnendahl | kontakt_formular | — | — |
No detection rules found.
Exploit-DB: FlatnuX CMS - Traversal Arbitrary File Access (exploitdb, 2012-04-01, listed under CVE-2012-4878)
---
source: https://www.securityfocus.com/bid/52846/info
Flatnux is prone to multiple security vulnerabilities:
1. An HTML-injection vulnerability
2. A cross-site request-forgery vulnerability
3. A directory-traversal vulnerability
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials, obtain sensitive information, or control how the site is rendered to the user. Other attacks are also possible.
The following versions are vulnerable:
Flatnux 2011-08.09.2
Flatnux 2011-2012-01.03.3
Flatnux 2011-minimal-2012-01.03.3
Fncommerce 2010-08-09-no-db
Fncommerce 2010-08-09-no-sample-data
Fncommerce 2010-0
Exploit-DB: kontakt formular 1.1 - Remote File Inclusion (exploitdb, 2010-08-26, CVE-2010-4878)
---
HINNENDAHL.COM Kontakt Formular 1.1 (formmailer.php)
Remote File Inclusion Vulnerability
by bd0rk || SOH-Crew
www.soh-crew.it.tt
Contact: bd0rk[at]hackermail.com
[~] Affected-Software: HINNENDAHL.COM Kontakt Formular 1.1
[~] Vendor: http://www.hinnendahl.com/
[~] Download: http://www.hinnendahl.com/index.php?seite=download
[*] Greetz: inj3ct0r, DNX, Chip D3 Bi0s
Description: The $script_pfad parameter in /kontaktformular/formmailer.php
isn't declared before require. So an attacker can execute
PHP shellcode through it (lines 2-3).
[+] Exploit: http://www.example.com/kontakt
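The defensive counterpart to the pattern the advisory describes (an include whose base path variable is never assigned locally, so request data can supply it under register_globals), as an added example that is not the page's, the advisory author's or the vendor's code. The original formmailer.php source is not on this page; the file name config.php and the helper name safe_require are assumptions.

```php
<?php
// Added example, not the original formmailer.php. Illustrates the bug class
// from the advisory and one way to harden it; file names are assumed.

// --- Vulnerable pattern (what the advisory describes) ---
// The base path is used in a require without ever being assigned in this
// script. With register_globals on (PHP < 5.4) a request parameter named
// script_pfad would define it, and with allow_url_include on that path can
// be a remote URL, so the server fetches and executes attacker-chosen code.
//
//   require $script_pfad . '/config.php';   // $script_pfad never set locally

// --- Hardened pattern ---
// 1. Never derive an include path from anything that could come from the
//    request. Assign it from a constant that only the script controls.
$script_pfad = __DIR__;

// 2. Resolve the final path and verify it stays inside the intended directory
//    before including it. realpath() also rejects URL wrappers such as http://.
function safe_require(string $base_dir, string $file): void
{
    $real_base = realpath($base_dir);
    $real_file = realpath($base_dir . DIRECTORY_SEPARATOR . $file);

    $inside_base = $real_base !== false
        && $real_file !== false
        && strncmp($real_file, $real_base . DIRECTORY_SEPARATOR, strlen($real_base) + 1) === 0;

    if (!$inside_base) {
        // Fail closed and leave a trace for the operator; do not echo the path.
        error_log('safe_require: rejected include target for ' . $file);
        http_response_code(500);
        exit('include target rejected');
    }

    require $real_file;
}

// 3. Defence in depth at the interpreter level (php.ini), independent of the
//    code above: register_globals=Off (removed entirely in PHP 5.4) and
//    allow_url_include=Off so an include can never reach a remote URL.
if (filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN)) {
    error_log('safe_require: allow_url_include is enabled; disable it in php.ini');
}

safe_require($script_pfad, 'config.php');
```

The decisive change is the first one: once the base path is a local constant, no request parameter can influence which file is loaded, and the path check and php.ini settings only catch regressions.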
No writeups or analysis indexed.