Full title: PTCeffect <= 4.6 LFI & SQL Injection Vulnerabilities 
Category: web applications
Platform: php
PTCeffect also known as ptcevolution is vulnerable to an sql injection.
It let you grab admin password and basically everything you want in db.

You don't need to have an account on the vulnerable site to use this exploit.

# 0day.today @ http://0day.today/