CVE-2006-2747
PhpMyDesktop|arcade < 1.0_final - Directory Traversal and Arbitrary File Read via Subsite Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-2747. PoCs published by darkgod.
AI-analyzed exploit summary The exploit describes a local file inclusion vulnerability in phpMyDesktop|arcade, allowing unauthorized file access and potential arbitrary code execution via uploaded images. The provided URL demonstrates the vulnerability by manipulating the 'subsite' parameter.
Description
Directory traversal vulnerability in index.php in PhpMyDesktop|arcade 1.0 FINAL allows remote attackers to read arbitrary files or execute PHP code via a .. (dot dot) sequence and trailing null (%00) byte in the subsite parameter in a showsubsite todo.
Exploits (1)
The exploit describes a local file inclusion vulnerability in phpMyDesktop|arcade, allowing unauthorized file access and potential arbitrary code execution via uploaded images. The provided URL demonstrates the vulnerability by manipulating the 'subsite' parameter.