CVE-2006-3987

Knusperleicht FileManager <1.2 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3987. PoCs published by SHiKaA.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in K_fileManager v1.2. The vulnerability allows an attacker to include arbitrary remote files via the 'dwl_include_path' parameter in index.php, leading to potential remote code execution.

Description

Multiple PHP remote file inclusion vulnerabilities in index.php in Knusperleicht FileManager 1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) dwl_download_path or (2) dwl_include_path parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by SHiKaA · textwebappsphp

https://www.exploit-db.com/exploits/2104

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in K_fileManager v1.2. The vulnerability allows an attacker to include arbitrary remote files via the 'dwl_include_path' parameter in index.php, leading to potential remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: K_fileManager v1.2

No auth needed

Prerequisites: Target application must be accessible · Remote file must be hosted on an accessible server

MITRE ATT&CK