CVE-2006-0922
CubeCart 3.0-3.6 - Unauthenticated Arbitrary File Upload via FileManager CurrentFolder Parameter
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-0922. PoCs published by NSA Group.
AI-analyzed exploit summary: This exploit demonstrates an arbitrary file upload vulnerability in CubeCart, allowing attackers to upload and execute arbitrary code on the server. The PoC provides an HTML form that submits a file to a vulnerable PHP connector script.
Description
CubeCart 3.0 through 3.6 does not properly check authorization for an administration session because of a missing auth.inc.php include, which results in an absolute path traversal vulnerability in FileUpload in connector.php (aka upload.php) that allows remote attackers to upload arbitrary files via a modified CurrentFolder parameter in a direct request to admin/filemanager/upload.php.
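For reviewing web server logs for direct requests to the script named in the description, the following added example (not code from this page or from CubeCart) lists every request that reaches `admin/filemanager/upload.php` and decodes its `CurrentFolder` value. It assumes combined-format access logs, that `CurrentFolder` appears in the query string, and a site-specific `expected_folders` allowlist; the log lines are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Script path named in the CVE description.
UPLOAD_SCRIPT = "/admin/filemanager/upload.php"

# Client, method, request target and status from a combined-format log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Mar/2006:10:00:01 +0000] "POST /admin/filemanager/upload.php?CurrentFolder=%2Fvar%2Fwww%2Fshop%2Fimages%2F HTTP/1.1" 200 312 "-" "-"
198.51.100.4 - - [01/Mar/2006:10:02:10 +0000] "POST /store/admin/filemanager/upload.php?CurrentFolder=%2F HTTP/1.1" 200 298 "-" "-"
198.51.100.4 - - [01/Mar/2006:10:03:44 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"
203.0.113.9 - - [01/Mar/2006:10:05:12 +0000] "POST /admin/filemanager/upload.php HTTP/1.1" 403 199 "-" "-"
"""


def find_upload_requests(log_text, expected_folders=("/",)):
    """Return one finding per request that reaches the upload script.

    expected_folders is a site-specific allowlist (assumption): the folder
    values the shop's own admin UI sends. Anything else is marked for review.
    """
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith(UPLOAD_SCRIPT):
            continue
        # parse_qs percent-decodes once; parameter names are matched case-insensitively.
        params = {k.lower(): v for k, v in parse_qs(url.query, keep_blank_values=True).items()}
        folders = params.get("currentfolder", [])
        findings.append({
            "ip": m["ip"],
            "method": m["method"],
            "status": int(m["status"]),
            "current_folder": folders,
            "unexpected_folder": any(f not in expected_folders for f in folders),
        })
    return findings


if __name__ == "__main__":
    for finding in find_upload_requests(SAMPLE_LOG):
        print(finding)
```

Because the flaw is a missing authorization check, a request that reaches the script from a client with no preceding admin login is worth reviewing whatever folder value it carries.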