CVE-2006-2818

Cameron McKay Informium 0.12.0 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2818. PoCs published by Kacper.

AI-analyzed exploit summary This exploit demonstrates a Remote File Include (RFI) vulnerability in Informium 0.12.0. The vulnerability allows an attacker to include and execute arbitrary remote scripts by manipulating the 'CONF[local_path]' parameter in the 'common-menu.php' file.

Description

PHP remote file inclusion vulnerability in common-menu.php in Cameron McKay Informium 0.12.0 allows remote attackers to execute arbitrary PHP code via a URL in the CONF[local_path] parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kacper · textwebappsphp

https://www.exploit-db.com/exploits/1865

View Code ZIP pw:eip

This exploit demonstrates a Remote File Include (RFI) vulnerability in Informium 0.12.0. The vulnerability allows an attacker to include and execute arbitrary remote scripts by manipulating the 'CONF[local_path]' parameter in the 'common-menu.php' file.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Informium 0.12.0

No auth needed

Prerequisites: Remote script hosting · Target server with allow_url_include enabled

MITRE ATT&CK