CVE-2006-1491
Horde Application Framework <3.0.10, <3.1.1 - Code Injection
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-1491. PoCs published by Inkubus.
AI-analyzed exploit summary This is a Metasploit module that exploits a remote PHP code execution vulnerability in Horde's Help Viewer module by injecting arbitrary commands via a crafted GET request. The exploit encodes the payload as chr() function calls and executes it through passthru().
Description
Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer.
Exploits (1)
This is a Metasploit module that exploits a remote PHP code execution vulnerability in Horde's Help Viewer module by injecting arbitrary commands via a crafted GET request. The exploit encodes the payload as chr() function calls and executes it through passthru().