CVE-2006-3158

eduha_meeting - Remote Code Execution via Unrestricted File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3158. PoCs published by Liz0ziM.

AI-analyzed exploit summary The provided text describes an arbitrary file-upload vulnerability in Eduha Meeting, allowing attackers to upload and execute arbitrary code. However, no actual exploit code is present, only a description and a URL path.

Description

index.php in Eduha Meeting does not properly restrict file extensions before permitting a file upload, which allows remote attackers to bypass security checks and upload or execute arbitrary php code via the add action.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Liz0ziM · textwebappsphp

https://www.exploit-db.com/exploits/28058

View Code ZIP pw:eip

The provided text describes an arbitrary file-upload vulnerability in Eduha Meeting, allowing attackers to upload and execute arbitrary code. However, no actual exploit code is present, only a description and a URL path.

Classification

Writeup 80%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Eduha Meeting (version unspecified)

No auth needed

Prerequisites: Access to the vulnerable endpoint

MITRE ATT&CK