CVE-2009-3424

Multiple PHP remote file inclusion vulnerabilities in MaxCMS 3.11.20b, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the 1 isprojectPath parameter to includes/InstantSite/inc.isroot.php; GLOBALSthCMSroot parameter to 2 classes/class.Tree.php, 3...

MAXcms 3.11.20b RFI / File Disclosure Vulnerabilities

No description provided by source. MAXcms 3.11.20b RFI / File Disclosure Vulnerabilities I- Remote File Disclosure Vulnerabilities In /includes/inc.thcmsadmindirtree.php Code 22: if $GET"getjs"=="1" -------!! 23: readfile$thCMSroot."/includes/wzdragdrop.js";-------!! 24: exit; 25: POC :...