CVE-2007-6344

Mcms Easy Web Make <1.3 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6344. PoCs published by MhZ91.

AI-analyzed exploit summary This is a writeup describing a Local File Inclusion (LFI) vulnerability in Mcms Easy Web Make. The vulnerability exists due to improper input validation in the 'template' parameter, allowing an attacker to include arbitrary files if magic_quotes_gpc is disabled.

Description

Directory traversal vulnerability in modules/cms/index.php in Mcms Easy Web Make 1.3, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by MhZ91 · textwebappsphp

https://www.exploit-db.com/exploits/4719

View Code ZIP pw:eip

This is a writeup describing a Local File Inclusion (LFI) vulnerability in Mcms Easy Web Make. The vulnerability exists due to improper input validation in the 'template' parameter, allowing an attacker to include arbitrary files if magic_quotes_gpc is disabled.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Mcms Easy Web Make

No auth needed

Prerequisites: magic_quotes_gpc must be disabled

MITRE ATT&CK