This is a writeup detailing multiple local file inclusion (LFI) vulnerabilities in S-CMS <= v2.0 Beta3. It describes three distinct LFI vectors, including conditions such as requiring register globals to be enabled or admin privileges.
Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:S-CMS <= v2.0 Beta3
Auth required
Prerequisites:register globals enabled for one vector · admin privileges for another vector