CVE-2006-0976
SPiD 1.3.1 - Path Traversal via scan_lang_insert.php lang Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-0976. PoCs published by NSA Group.
AI-analyzed exploit summary This exploit demonstrates a local file inclusion (LFI) vulnerability in SPiD due to improper input sanitization. The PoC shows how an attacker can read arbitrary files (e.g., /etc/passwd) by manipulating the 'lang' parameter.
Description
Directory traversal vulnerability in scan_lang_insert.php in Boris Herbiniere-Seve SPiD 1.3.1 allows remote attackers to read arbitrary files via the lang parameter.
Exploits (1)
This exploit demonstrates a local file inclusion (LFI) vulnerability in SPiD due to improper input sanitization. The PoC shows how an attacker can read arbitrary files (e.g., /etc/passwd) by manipulating the 'lang' parameter.