CVE-2006-1839

PHP Album 0.3.2.3 - Remote File Inclusion via language.php data_dir Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1839. PoCs published by rgod.

AI-analyzed exploit summary: This is a writeup describing a remote file-include vulnerability in phpAlbum 0.3.2.3 and prior versions. It lacks actual exploit code but details the vulnerability and its impact.

Description

PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parameter, which satisfies the file_exists function call.

Exploits (1)

exploitdb WRITEUP VERIFIED
by rgod · php · webapps · php
https://www.exploit-db.com/exploits/27643


Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: phpAlbum <= 0.3.2.3
No auth needed
Prerequisites: A vulnerable version of phpAlbum · Ability to send crafted HTTP requests to the target server
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1382
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19661
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17526
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25846
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/24741
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/431067/100/0/threaded

Scores

EPSS 0.0565
EPSS Percentile 92.0%

Details

Status published
Products (1)
php_album/php_album 0.3.2.3
Published Apr 19, 2006
Tracked Since Feb 18, 2026