Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-0936. PoCs published by NSA Group.
AI-analyzed exploit summary This exploit leverages a file upload vulnerability in Website generator by manipulating the 'formname' parameter to upload arbitrary PHP code. The null byte injection allows bypassing file extension restrictions, leading to remote code execution.
Description
Free Host Shop Website Generator 3.3 allows remote authenticated users with administrative privileges to upload and execute arbitrary files via a formname parameter with a filename containing a dangerous file extension and a trailing %00.
Exploits (1)
This exploit leverages a file upload vulnerability in Website generator by manipulating the 'formname' parameter to upload arbitrary PHP code. The null byte injection allows bypassing file extension restrictions, leading to remote code execution.