[VIM] PHprojekt Module CMS 0.6.1 Remote File Inclusion Vulnerability
rkeith
rkeith at securityfocus.com
Thu Jun 10 10:53:10 CDT 2010
Thanks George.
We've retired BID 40545 as a duplicate.
Cheers,
Rob
George A. Theall wrote:
> FYI: Exploit DB 12854 / Bugtraq 40545 concern a remote file include in
> Content Management module for Phprojekt version 0.6.1, involving the
> 'path_pre=' parameter of the 'cm/cm_navigation.inc.php'. This is a
> duplicate of Bugtraq 19628 (see
> <http://downloads.securityfocus.com/vulnerabilities/exploits/19628-rfi.html>).
> [cm_navigation.inc.php doesn't exist in the application's root
> directory, only under 'cm/'.] And for what it's worth, exploitation
> requires that register_globals be enabled; eg,
>
> <?php
> // Content Management System module for PHProjekt (CMS4P).
> // Copyright <A9>2002-2005 by Mario A. Valdez-Ramirez
> // http://www.mariovaldez.net/
> ... [comments removed, GAT]
>
> include_once ($path_pre . "cm/cm_lib.inc.php");
>
>
> George
More information about the VIM
mailing list