CVE-2006-0565
Loudblog < 0.4 - Remote Code Execution via $GLOBALS[path] Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-0565. PoCs published by rgod.
AI-analyzed exploit summary This exploit targets a remote command execution vulnerability in LoudBlog 0.4 by manipulating the 'language' parameter in a POST request to include arbitrary commands. The script sends a crafted multipart/form-data request to 'backend_settings.php' with a malicious payload.
Description
PHP remote file include vulnerability in inc/backend_settings.php in Loudblog 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the $GLOBALS[path] parameter.
Exploits (1)
This exploit targets a remote command execution vulnerability in LoudBlog 0.4 by manipulating the 'language' parameter in a POST request to include arbitrary commands. The script sends a crafted multipart/form-data request to 'backend_settings.php' with a malicious payload.