CVE-2005-3860

Oliver May Athena PHP Website Administration 0.1a - Remote Code Execution via athena_dir Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3860. PoCs published by [GB].

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in Athena PHP Website Administration due to improper input sanitization. An attacker can execute arbitrary PHP code by manipulating the 'athena_dir' parameter to include a remote URL.

Description

PHP remote file inclusion vulnerability in athena.php in Oliver May Athena PHP Website Administration 0.1a allows remote attackers to execute arbitrary PHP code via a URL in the athena_dir parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by [GB] · textwebappsphp

https://www.exploit-db.com/exploits/26598

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in Athena PHP Website Administration due to improper input sanitization. An attacker can execute arbitrary PHP code by manipulating the 'athena_dir' parameter to include a remote URL.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Athena PHP Website Administration

No auth needed

Prerequisites: Remote PHP file hosted on an attacker-controlled server · Target server with 'allow_url_include' enabled

MITRE ATT&CK