[VIM] PHprojekt Module CMS 0.6.1 Remote File Inclusion Vulnerability

George A. Theall theall at tenablesecurity.com
Thu Jun 10 09:06:01 CDT 2010

FYI: Exploit DB 12854 / Bugtraq 40545 concern a remote file include in  
Content Management module for Phprojekt version 0.6.1, involving the  
'path_pre=' parameter of the 'cm/cm_navigation.inc.php'.  This is a  
duplicate of Bugtraq 19628 (see <http://downloads.securityfocus.com/vulnerabilities/exploits/19628-rfi.html 
 >). [cm_navigation.inc.php doesn't exist in the application's root  
directory, only under 'cm/'.] And for what it's worth, exploitation  
requires that register_globals be enabled; eg,

   // Content Management System module for PHProjekt (CMS4P).
   // Copyright <A9>2002-2005 by Mario A. Valdez-Ramirez
   // http://www.mariovaldez.net/
   ...  [comments removed, GAT]

   include_once ($path_pre . "cm/cm_lib.inc.php");

theall at tenablesecurity.com

More information about the VIM mailing list