Mantis <= 1.1.1 LFI

This exploit is Copyright (C) 2007-2017 DSquare Security, LLC.

Description: LFI Vulnerability in language parameter. This exploit is dangerous. Because the LFI is done with require() on a value saved in SQL, if the path is non-existent, the user account will be broken. Additionally, this value must be <= 32chars (MySQL vachar(32))
Family: Local File Include
Bugtraq ID: BID-30354 BID-29297
CVE ID: CVE-2008-3333

Back to Exploits

Share :   Facebook   Twitter   Google+