CVE-2008-0572
Mindmeld 1.2.0.10 - Remote Code Execution via MM_GLOBALS[home] Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2008-0572. PoCs published by David Wharton.
AI-analyzed exploit summary The exploit demonstrates multiple remote file inclusion vulnerabilities in Mindmeld 1.2.0.10 due to improper handling of user-supplied input in the `MM_GLOBALS[home]` parameter. Attackers can include arbitrary remote PHP files, leading to remote code execution.
Description
Multiple PHP remote file inclusion vulnerabilities in Mindmeld 1.2.0.10 allow remote attackers to execute arbitrary PHP code via a URL in the MM_GLOBALS[home] parameter to (1) acweb/admin_index.php; and (2) ask.inc.php, (3) learn.inc.php, (4) manage.inc.php, (5) mind.inc.php, and (6) sensory.inc.php in include/.
Exploits (1)
The exploit demonstrates multiple remote file inclusion vulnerabilities in Mindmeld 1.2.0.10 due to improper handling of user-supplied input in the `MM_GLOBALS[home]` parameter. Attackers can include arbitrary remote PHP files, leading to remote code execution.