Mr-m07

4 exploits Active since Mar 2006
CVE-2006-1154 EXPLOITDB text WORKING POC
Fantastic News 2.1.2 and 2.1.4 - Remote File Inclusion via CONFIG[script_path] Parameter
PHP remote file inclusion vulnerability in archive.php in Fantastic News 2.1.2 allows remote attackers to include arbitrary files via the CONFIG[script_path] variable. NOTE: 2.1.4 was also reported to be vulnerable.
CVE-2006-6550 EXPLOITDB text WRITEUP
Phorum <= 3.2.11 - Remote File Inclusion via db_file Parameter
PHP remote file inclusion vulnerability in common.php in Phorum 3.2.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes this vulnerability because db_file is defined before use
CVE-2008-5283 EXPLOITDB text WRITEUP
Google Hack Honeypot (GHH) File Upload Manager <1.3 - RCE
Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote attackers to delete uploaded files via unknown vectors related to the delall action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. CVE analysis suggests that the most recent version as of 20081128 is 1.2, and the File Upload Manager does not have a "delall" action.
CVE-2006-4671 EXPLOITDB text WORKING POC
Fantastic News 2.1.4 - Remote File Inclusion Code Execution
PHP remote file inclusion vulnerability in headlines.php in Fantastic News 2.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter, a different vector than CVE-2006-1154.