CVE-2006-2871

CyBoards PHP Lite 1.25 - Remote File Inclusion via script_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2871. PoCs published by SpC-x.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in CyBoards PHP Lite, but lacks actual exploit code. It references a retired BID and a generic example URL without functional PoC details.

Description

PHP remote file inclusion vulnerability in include/common.php in CyBoards PHP Lite 1.25 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter. NOTE: CVE disputes this issue, since $script_path is set to a constant value

Exploits (1)

exploitdb WRITEUP VERIFIED

by SpC-x · textwebappsphp

https://www.exploit-db.com/exploits/27970

View Code ZIP pw:eip

The provided text describes a remote file inclusion vulnerability in CyBoards PHP Lite, but lacks actual exploit code. It references a retired BID and a generic example URL without functional PoC details.

Classification

Writeup 80%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: CyBoards PHP Lite

No auth needed

Prerequisites: Remote file inclusion must be enabled on the target server

MITRE ATT&CK