CVE-2006-1022

PeHePe Membership Management System 3 - Remote File Inclusion Code Execution

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1022. PoCs published by Yunus Emre Yilmaz.

AI-analyzed exploit summary The provided text describes a remote PHP code-injection vulnerability in PEHEPE Membership Management System version 3. The exploit involves manipulating the 'uye_klasor' and 'misafir[]' parameters to inject malicious code.

Description

PHP remote file include vulnerability in sol_menu.php in PeHePe Uyelik Sistemi (aka PeHePe MemberShip Management System) 3 allows remote attackers to include and execute arbitrary PHP code via a URL in the uye_klasor parameter, along with a misafir[] parameter that is set to UYE_SEVIYE.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Yunus Emre Yilmaz · textwebappsphp

https://www.exploit-db.com/exploits/27339

View Code ZIP pw:eip

The provided text describes a remote PHP code-injection vulnerability in PEHEPE Membership Management System version 3. The exploit involves manipulating the 'uye_klasor' and 'misafir[]' parameters to inject malicious code.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: PEHEPE Membership Management System version 3

No auth needed

Prerequisites: Access to the target URL · Ability to manipulate URL parameters

MITRE ATT&CK