[VIM] PHprojekt Module CMS 0.6.1 Remote File Inclusion Vulnerability
George A. Theall
theall at tenablesecurity.com
Thu Jun 10 09:06:01 CDT 2010
FYI: Exploit DB 12854 / Bugtraq 40545 concern a remote file include in
Content Management module for Phprojekt version 0.6.1, involving the
'path_pre=' parameter of the 'cm/cm_navigation.inc.php'. This is a
duplicate of Bugtraq 19628 (see <http://downloads.securityfocus.com/vulnerabilities/exploits/19628-rfi.html
>). [cm_navigation.inc.php doesn't exist in the application's root
directory, only under 'cm/'.] And for what it's worth, exploitation
requires that register_globals be enabled; eg,
<?php
// Content Management System module for PHProjekt (CMS4P).
// Copyright <A9>2002-2005 by Mario A. Valdez-Ramirez
// http://www.mariovaldez.net/
... [comments removed, GAT]
include_once ($path_pre . "cm/cm_lib.inc.php");
George
--
theall at tenablesecurity.com
More information about the VIM
mailing list