CVE-2006-3911
PHP Live! < 3.2.1 - Remote File Inclusion via css_path Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-3911. PoCs published by magnific.
AI-analyzed exploit summary The advisory describes a remote file inclusion vulnerability in PHPLive 3.2 due to improper sanitization of the $css_path variable. Attackers can exploit this by injecting a remote URL to execute arbitrary code.
Description
PHP remote file inclusion vulnerability in OSI Codes PHP Live! 3.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the css_path parameter in (1) help.php and (2) setup/header.php.
Exploits (1)
The advisory describes a remote file inclusion vulnerability in PHPLive 3.2 due to improper sanitization of the $css_path variable. Attackers can exploit this by injecting a remote URL to execute arbitrary code.