CVE-2006-0688

nicecoder indexu 5.0.0 and 5.0.1 - Remote File Inclusion via base_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0688.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in INDEXU v5.0.1, where the `admin_template_path` parameter is used to include arbitrary remote files, leading to potential remote code execution.

Description

PHP remote file include vulnerability in application.php in nicecoder.com indexu 5.0.0 and 5.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/1925

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in INDEXU v5.0.1, where the `admin_template_path` parameter is used to include arbitrary remote files, leading to potential remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: INDEXU v5.0.1

No auth needed

Prerequisites: Access to the vulnerable admin interface · Ability to host a malicious file on a remote server

MITRE ATT&CK