A local file inclusion vulnerability was discovered in CMSQlite that might allow remote PHP code execution.
Affected is CMSQlite <= 1.2
The vulnerability was discovered by Stefan Esser as part of the SQL Injection Marathon.
CMSQLite is a small, fast, flexible and complete Content-Management-System (CMS). It’s perfect for freelancers, self-employeds, clubs and associations and small companies.
CMSQLite is a CMS, basing on PHP and SQLite. That has many advantages!
This vulnerability was accidently discovered during SQL Injection Marathon while looking at CMSQlite for SQL injection vulnerabilities. The offending code is located in index.php.
By changing the mod URL parameter it is possible to include arbitrary files on the webserver.
Proof of concept, exploit or instructions to reproduce
The following URL includes the /etc/passwd file
This vulnerability has not been disclosed to the CMSQlite authors, yet.