CVE-2005-1222
Annuaire Netref 4.2 - Remote Code Execution via m_for_racine Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2005-1222. PoCs published by jaguar.
AI-analyzed exploit summary
This exploit leverages a PHP script injection vulnerability in Netref by manipulating the 'm_for_racine' parameter to inject arbitrary PHP code, allowing remote command execution. The payload includes a PHP system call and script inclusion, demonstrating a direct path to RCE.
Description
cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to execute arbitrary PHP code by setting the ad_direct parameter to reference cat_for_gen.php, then including the code in the m_for_racine parameter, which is then written to cat_for_gen.php.