CVE-2006-4051

Turnkey Web Tools PHP Live Helper <2.0 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4051. PoCs published by Matdhule.

AI-analyzed exploit summary This is a writeup detailing a remote file inclusion vulnerability in PHP Live Helper <= 2.0. The vulnerability allows arbitrary PHP code execution by manipulating the 'abs_path' parameter in global.php to include external files.

Description

PHP remote file inclusion vulnerability in global.php in Turnkey Web Tools PHP Live Helper 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Matdhule · textwebappsphp

https://www.exploit-db.com/exploits/2120

View Code ZIP pw:eip

This is a writeup detailing a remote file inclusion vulnerability in PHP Live Helper <= 2.0. The vulnerability allows arbitrary PHP code execution by manipulating the 'abs_path' parameter in global.php to include external files.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: PHP Live Helper <= 2.0

No auth needed

Prerequisites: Network access to the target application · Ability to host a malicious PHP file on an external server

MITRE ATT&CK