CVE-2006-1212

CoreNews 2.0.1 - Remote Command Execution via Page Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1212. PoCs published by botan.

AI-analyzed exploit summary The provided text describes a code-execution vulnerability in Core News version 2.0.1, where arbitrary PHP code can be executed via a crafted URL parameter. However, no actual exploit code is included, only a description and example URL.

Description

Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows remote attackers to execute arbitrary commands via the page parameter, possibly due to a PHP remote file include vulnerability. NOTE: this vulnerability could not be confirmed by source code inspection of CoreNews 2.0.1, which does not appear to use a "page" parameter or variable.

Exploits (1)

exploitdb WRITEUP VERIFIED

by botan · textwebappsphp

https://www.exploit-db.com/exploits/27413

View Code ZIP pw:eip

The provided text describes a code-execution vulnerability in Core News version 2.0.1, where arbitrary PHP code can be executed via a crafted URL parameter. However, no actual exploit code is included, only a description and example URL.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Core News 2.0.1

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK