CVE-2006-2681
SocketMail Lite and Pro <= 2.2.6 - Remote Code Execution via site_path Parameter
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-2681. PoCs published by Aesthetico.
AI-analyzed exploit summary: This exploit demonstrates a Remote File Include (RFI) vulnerability in SocketMail <= 2.2.6. The vulnerability allows an attacker to include and execute arbitrary remote PHP scripts by manipulating the 'site_path' parameter in the 'index.php' file.
Description
PHP remote file inclusion vulnerability in SocketMail Lite and Pro 2.2.6 and earlier, when register_globals and magic_quotes are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) index.php and (2) inc-common.php.