CVE-2006-1959

ActualScripts ActualAnalyzer Lite <2.72, Gold <7.63, Server <8.23 -...

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1959. PoCs published by Aesthetico.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in ActualAnalyzer Server <=8.23. It allows an attacker to include and execute arbitrary remote files via the 'rf' parameter in the 'direct.php' script.

Description

PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbitrary code via a URL in the rf parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Aesthetico · textwebappsphp

https://www.exploit-db.com/exploits/1767

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in ActualAnalyzer Server <=8.23. It allows an attacker to include and execute arbitrary remote files via the 'rf' parameter in the 'direct.php' script.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: ActualAnalyzer Server <=8.23

No auth needed

Prerequisites: Remote file with malicious code · Network access to the target server

MITRE ATT&CK