This exploit targets a Remote File Inclusion (RFI) vulnerability in AdaptCMS Lite 1.5. The PoC leverages a vulnerable `include_once` statement in `rss_importer_functions.php` to execute arbitrary code by injecting a malicious URL via the `sitepath` parameter.
Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:AdaptCMS Lite 1.5
No auth needed
Prerequisites:register_globals = on · allow_url_include = on · allow_url_fopen = on