WebPortal CMS Multiple Remote and Local File Include Vulnerabilities

WebPortal CMS is prone to multiple remote and local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these issues using directory-traversal strings to execute local script code in the context of the application or to execute remote scripts in the context of the webserver process. This may allow the attacker to access sensitive information that may aid in further attacks or to compromise the application.

WebPortal CMS 0.8-beta is vulnerable; other versions may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus