Talemy Spirit Framework Local File Inclusion Vulnerability

Vulnerability

A local file inclusion vulnerability has been identified in the Talemy Spirit Framework in versions through 1.2.13. The issue arises from improper control of the filename used in a PHP include or require statement (the weakness class known as PHP remote file inclusion), which can be exploited to include local files from the target website. Such exploitation could potentially lead to a complete takeover of the database, depending on the site's configuration.
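
The weakness class described above, as an added example that is not part of the advisory and is not Talemy Spirit Framework code: the include target is taken from an allowlist and then confirmed to resolve inside one fixed directory. The function name, view names and directory are hypothetical.

```php
<?php
// Added illustration; not Talemy Spirit Framework code. All names are hypothetical.

// Unsafe pattern (CWE-98), shown only as a comment: the request value is
// concatenated straight into the path, so the caller chooses the file.
//   include $base . '/' . $_GET['view'] . '.php';

/**
 * Map a caller-supplied view name to a file that is safe to include.
 * Returns the absolute path, or null if the name must be refused.
 */
function resolve_view(string $name, string $baseDir, array $allowed): ?string
{
    // 1. Allowlist: only names the application itself registered.
    if (!in_array($name, $allowed, true)) {
        return null;
    }
    // 2. Canonicalise, then confirm the file still sits under the base
    //    directory (guards against symlinks and a misconfigured allowlist).
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary template directory with one registered view.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'views_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'card.php', "<?php echo \"card rendered\\n\";");
$allowed = ['card'];

foreach (['card', 'unknown', '../outside'] as $requested) {
    $file = resolve_view($requested, $dir, $allowed);
    if ($file === null) {
        echo "refused: {$requested}\n";
        continue;
    }
    include $file; // path came from the allowlist, never from raw input
}

// Remove the constructed demo files.
unlink($dir . DIRECTORY_SEPARATOR . 'card.php');
rmdir($dir);
```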

Impact

Exploitation of this vulnerability could allow a malicious actor to include local files from the server, such as those containing database credentials, and execute their contents. This could result in a full takeover of the database, depending on the site's configuration.

Remediation

Users are advised to update to a version of the Talemy Spirit Framework that is later than 1.2.13. Patchstack has also issued a mitigation rule to block attacks targeting this vulnerability until an official fix can be applied.

Added: Feb 2, 2026, 10:18 AM
Updated: Feb 2, 2026, 10:18 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 2.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.