CVE-2006-3300
phpmysms < 2.0 - Remote File Inclusion via ROOT_PATH Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-3300. PoCs published by Persian-Defacer.
AI-analyzed exploit summary This exploit demonstrates a Remote File Include (RFI) vulnerability in PhpMySms <= V2.0 due to improper handling of the ROOT_PATH parameter in gateway.php. An attacker can include a remote script by manipulating the ROOT_PATH parameter in the URL.
Description
PHP remote file inclusion vulnerability in sms_config/gateway.php in PhpMySms 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter.
Exploits (1)
This exploit demonstrates a Remote File Include (RFI) vulnerability in PhpMySms <= V2.0 due to improper handling of the ROOT_PATH parameter in gateway.php. An attacker can include a remote script by manipulating the ROOT_PATH parameter in the URL.