CVE-2006-1371

Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 - Authenticated RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1371. PoCs published by rgod.

AI-analyzed exploit summary This exploit targets XHP CMS <= 0.5 by uploading a malicious PHP shell via the FileManager plugin and executing arbitrary commands. It leverages a file upload vulnerability to achieve remote code execution.

Description

Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1605

View Code ZIP pw:eip

This exploit targets XHP CMS <= 0.5 by uploading a malicious PHP shell via the FileManager plugin and executing arbitrary commands. It leverages a file upload vulnerability to achieve remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: XHP CMS <= 0.5

No auth needed

Prerequisites: Access to the FileManager plugin · Network access to the target server

MITRE ATT&CK