PTCeffect <= 4.6 LFI & SQL Injection Vulnerabilities
PTCeffect also known as ptcevolution is vulnerable to an sql injection. It let you grab admin password and basically everything you want in db. You don't need to have an account on the vulnerable site to use this exploit. The LFI vulnerability is in index.php...