Description
Multiple PHP remote file inclusion vulnerabilities in Mindmeld 1.2.0.10 allow remote attackers to execute arbitrary PHP code via a URL in the MM_GLOBALS[home] parameter to (1) acweb/admin_index.php; and (2) ask.inc.php, (3) learn.inc.php, (4) manage.inc.php, (5) mind.inc.php, and (6) sensory.inc.php in include/.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by David Wharton · textwebappsphp
https://www.exploit-db.com/exploits/5026
References (2)
Core 2
Core References
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/5026
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/27538
Scores
EPSS
0.1085
EPSS Percentile
93.4%
Details
CWE
CWE-94
Status
published
Products (1)
mindmeld/mindmeld
1.2.0.10
Published
Feb 05, 2008
Tracked Since
Feb 18, 2026