CVE-2006-4040

mywebland myevent < 1.3 - Remote File Inclusion via myevent_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4040. PoCs published by CeNGiZ-HaN.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in myEvent due to improper input sanitization. An attacker can include arbitrary remote files containing malicious PHP code, leading to remote code execution in the context of the webserver process.

Description

PHP remote file inclusion vulnerability in myevent.php in myWebland myEvent 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by CeNGiZ-HaN · textwebappsphp

https://www.exploit-db.com/exploits/28311

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in myEvent due to improper input sanitization. An attacker can include arbitrary remote files containing malicious PHP code, leading to remote code execution in the context of the webserver process.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: myEvent (version not specified)

No auth needed

Prerequisites: Remote file hosting with malicious PHP code · Network access to the vulnerable application

MITRE ATT&CK