CVE-2006-2008

Built2Go PHP Movie Review <2B - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2008. PoCs published by Camille Myers.

AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Built2Go PHP Movie Review <=2B. The vulnerability allows an attacker to include arbitrary remote files via the 'full_path' parameter in movie_cls.php, leading to potential remote code execution.

Description

PHP remote file inclusion vulnerability in movie_cls.php in Built2Go PHP Movie Review 2B and earlier allows remote attackers to execute arbitrary PHP code via a URL in the full_path parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Camille Myers · textwebappsphp

https://www.exploit-db.com/exploits/1711

View Code ZIP pw:eip

This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Built2Go PHP Movie Review <=2B. The vulnerability allows an attacker to include arbitrary remote files via the 'full_path' parameter in movie_cls.php, leading to potential remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Built2Go PHP Movie Review <=2B

No auth needed

Prerequisites: Network access to the target application · PHP remote file inclusion enabled on the target server

MITRE ATT&CK