CVE-2006-2119

Artmedic Event - Remote File Inclusion via Page Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2119. PoCs published by botan.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in Artmedic Event, where unsanitized user input allows inclusion of arbitrary remote files containing malicious PHP code. The example URL demonstrates command execution via the 'cmd' parameter.

Description

PHP remote file inclusion vulnerability in event/index.php in Artmedic Event allows remote attackers to execute arbitrary code via a URL in the page parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by botan · textwebappsphp

https://www.exploit-db.com/exploits/27767

View Code ZIP pw:eip

The provided text describes a remote file inclusion vulnerability in Artmedic Event, where unsanitized user input allows inclusion of arbitrary remote files containing malicious PHP code. The example URL demonstrates command execution via the 'cmd' parameter.

Classification

Writeup 80%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Artmedic Event (version not specified)

No auth needed

Prerequisites: Remote file inclusion must be enabled on the server · Attacker must be able to host a malicious file on a remote server

MITRE ATT&CK