CVE-2006-2841

AssoCIateD CMS 1.1.3 - Remote File Inclusion via root_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2841. PoCs published by Kacper.

AI-analyzed exploit summary This is a writeup describing a remote file inclusion vulnerability in ACID CMS v1.1.3. It lists multiple endpoints where the 'root_path' parameter can be manipulated to include malicious scripts.

Description

Multiple PHP remote file inclusion vulnerabilities in AssoCIateD (aka ACID) CMS 1.1.3 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) menu.php, (2) profile.php, (3) users.php, (4) cache_mngt.php, and (5) gallery_functions.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Kacper · textwebappsphp

https://www.exploit-db.com/exploits/1858

View Code ZIP pw:eip

This is a writeup describing a remote file inclusion vulnerability in ACID CMS v1.1.3. It lists multiple endpoints where the 'root_path' parameter can be manipulated to include malicious scripts.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: ACID CMS v1.1.3

No auth needed

Prerequisites: access to vulnerable ACID CMS instance · ability to host malicious script on remote server

MITRE ATT&CK