CVE-2006-1346

gCards < 1.45 - Remote File Inclusion via Directory Traversal in lang Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1346. PoCs published by rgod.

AI-analyzed exploit summary: This exploit demonstrates two vulnerabilities in gCards <= 1.45: arbitrary local file inclusion via the 'setLang' parameter and SQL injection for admin authentication bypass. It allows remote command execution by injecting PHP code into log files or bypassing authentication to upload malicious files.

Description

Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by rgod · php · webapps · php
https://www.exploit-db.com/exploits/1595

Classification
Working PoC: 100%
Attack Type: RCE | SQLi | Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: gCards <= 1.45
No auth needed
Prerequisites: Target must have gCards <= 1.45 installed · For action 1: Log files must be writable and accessible via path traversal · For action 2: magic_quotes_gpc must be Off
devstral-2 · analyzed Feb 18, 2026

References (6)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/1595
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/24016
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19322
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1015
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17165
Various Sources mailing-list x_refsource_vim
http://attrition.org/pipermail/vim/2006-April/000698.html

Scores

EPSS 0.0725
EPSS Percentile 93.5%

Details

Status published
Products (3)
greg_neustaetter/gcards 1.43
greg_neustaetter/gcards 1.44
greg_neustaetter/gcards < 1.45
Published Mar 22, 2006
Tracked Since Feb 18, 2026