Cartweaver ‘helpFileName’ Parameter Local File Include Vulnerability
* Cartweaver 4.0
An attacker can exploit this vulnerability to view files and execute local scripts in the context of the web server process, which may aid in further attacks. Cartweaver 3 could allow a remote attacker to include arbitrary files: a remote attacker could send a specially crafted URL request to the AdminHelp.php script, using the helpFileName parameter to specify a malicious file from the local system, which could allow the attacker to obtain sensitive information or execute arbitrary code on the vulnerable web server. Note: in order to exploit this vulnerability to execute arbitrary code, the attacker would first have to upload a malicious file or inject arbitrary commands into an existing file.
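The include pattern the advisory describes, reconstructed here as a hypothetical beside a hardened form, is an added illustration and not Cartweaver's own AdminHelp.php code; the help directory layout, the `.html` page extension and the function names are assumptions.

```php
<?php
// Added illustration, not Cartweaver's code: a hypothetical reconstruction of
// the AdminHelp.php include pattern the advisory describes, beside a hardened form.

// Vulnerable pattern (hypothetical): the request parameter is used directly as
// the include path, so any file the web server can read may be pulled in.
function show_help_unsafe(string $helpFileName): void
{
    include $helpFileName;
}

// Hardened form: help pages live in one directory (assumed layout), the request
// supplies only a bare page name, and the resolved path must stay in that directory.
const HELP_DIR = __DIR__ . '/help';

function resolve_help_file(string $helpFileName): ?string
{
    // Accept only a simple page name: no directory separators, no NUL bytes,
    // no "..", and no stream wrappers such as php:// or http://.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $helpFileName)) {
        return null;
    }
    $base = realpath(HELP_DIR);
    $path = realpath(HELP_DIR . '/' . $helpFileName . '.html');
    // realpath() returns false for a missing file and canonicalises symlinks,
    // so a surviving path that still starts with $base is inside the help tree.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

function show_help_safe(string $helpFileName): void
{
    $path = resolve_help_file($helpFileName);
    if ($path === null) {
        http_response_code(404);
        echo 'Unknown help page';
        return;
    }
    // readfile() serves the page as static content; nothing is executed as PHP.
    readfile($path);
}

show_help_safe($_GET['helpFileName'] ?? 'index');
```

The name pattern alone already blocks traversal and wrappers; the realpath containment check is defence in depth for the case where the pattern is later loosened.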
Proof of Concept:
An attacker can exploit the issue with a browser.
The following example URI is available:
Published: Oct 15 2012
Updated: Oct 15 2012