CVE-2006-1032

phpRPC <0.7 - Code Injection

Title source: llm

Description

Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and earlier, as used by runcms, exoops, and possibly other programs, allows remote attackers to execute arbitrary PHP code via the base64 tag.

Exploits (2)

exploitdb WORKING POC VERIFIED

by LorD · perlwebappsphp

https://www.exploit-db.com/exploits/1542

View Code ZIP pw:eip

exploitdb WORKING POC

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/43836

View Code ZIP pw:eip

References (8)

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1015691

[Third Party Advisory] http://securityreason.com/securityalert/502

[Vendor Advisory] http://www.securityfocus.com/archive/1/426193

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/0745

[Vendor Advisory] http://www.gulftech.org/?node=research&article_id=00105-02262006

[Third Party Advisory] http://secunia.com/advisories/19058

[Third Party Advisory] http://secunia.com/advisories/19028

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/16833

Scores

EPSS 0.1627

EPSS Percentile 94.8%

Details

Status published

Products (3)

phprpc/phprpc 0.7

phprpc/phprpc 0.8

phprpc/phprpc 0.9

Published Mar 07, 2006

Tracked Since Feb 18, 2026