CVE-2006-0714

Flyspray 0.9.7 - Directory Traversal via adodbpath Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0714. PoCs published by rgod.

AI-analyzed exploit summary This exploit targets a remote command execution vulnerability in FlySpray 0.9.7 via PHP5 file inclusion. It allows an attacker to execute arbitrary commands on the target system by leveraging a file inclusion flaw.

Description

Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the adodbpath parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1494

View Code ZIP pw:eip

This exploit targets a remote command execution vulnerability in FlySpray 0.9.7 via PHP5 file inclusion. It allows an attacker to execute arbitrary commands on the target system by leveraging a file inclusion flaw.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: FlySpray 0.9.7

No auth needed

Prerequisites: PHP5 environment · FlySpray 0.9.7 installation · Network access to the target

MITRE ATT&CK