CVE-2006-2261
ACal 2.2.6 - Remote File Inclusion via day.php path Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-2261. PoCs published by PiNGuX.
AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in ACal 2.2.6 by manipulating the 'path' parameter in day.php to include a remote file containing arbitrary commands. The PoC shows how an attacker can execute system commands via a malicious URL.
Description
PHP remote file inclusion vulnerability in day.php in ACal 2.2.6 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
Exploits (1)
This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in ACal 2.2.6 by manipulating the 'path' parameter in day.php to include a remote file containing arbitrary commands. The PoC shows how an attacker can execute system commands via a malicious URL.