CVE-2006-0625
SPIP 1.8.2g - Directory Traversal and Remote Code Execution via GLOBALS[type_urls] Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-0625. PoCs published by rgod.
AI-analyzed exploit summary
The exploit demonstrates a remote command execution vulnerability in SPIP due to improper input sanitization. It leverages URL parameters to inject and execute arbitrary PHP commands with webserver privileges.
Description
Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3.