CVE-2006-3793

sitedepth_cms < 3.01 - Remote File Inclusion via SD_DIR Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3793. PoCs published by Aesthetico.

AI-analyzed exploit summary This exploit demonstrates a Remote File Include (RFI) vulnerability in SiteDepth CMS <= 3.0.1. The vulnerability allows an attacker to include and execute arbitrary remote PHP scripts by manipulating the `SD_DIR` parameter in `constants.php`.

Description

PHP remote file inclusion vulnerability in constants.php in SiteDepth CMS 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SD_DIR parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Aesthetico · textwebappsphp

https://www.exploit-db.com/exploits/2049

View Code ZIP pw:eip

This exploit demonstrates a Remote File Include (RFI) vulnerability in SiteDepth CMS <= 3.0.1. The vulnerability allows an attacker to include and execute arbitrary remote PHP scripts by manipulating the `SD_DIR` parameter in `constants.php`.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: SiteDepth CMS <= 3.0.1

No auth needed

Prerequisites: Remote PHP script hosting · Network access to the target

MITRE ATT&CK