CVE-2006-1294

KnowledgebasePublisher 1.2 - Remote File Inclusion via PageController.php dir Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1294. PoCs published by uid0.

AI-analyzed exploit summary This Perl script exploits a remote code execution vulnerability in KnowledgebasePublisher 1.2 by sending crafted HTTP requests to execute arbitrary commands via a user-supplied PHP shell. It leverages LWP::UserAgent to interact with the target and parse command output.

Description

PHP remote file include vulnerability in PageController.php in KnowledgebasePublisher 1.2 allows remote attackers to include and execute arbitrary PHP code via a URL in the dir parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by uid0 · perlwebappsphp

https://www.exploit-db.com/exploits/1587

View Code ZIP pw:eip

This Perl script exploits a remote code execution vulnerability in KnowledgebasePublisher 1.2 by sending crafted HTTP requests to execute arbitrary commands via a user-supplied PHP shell. It leverages LWP::UserAgent to interact with the target and parse command output.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: KnowledgebasePublisher 1.2

No auth needed

Prerequisites: Target must have KnowledgebasePublisher 1.2 installed · Attacker must host a PHP command shell accessible via HTTP · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →