CVE-2006-4160

MVCnPHP 3.0 - Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4160. PoCs published by Drago84.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in MVCnPHP by manipulating the `glConf[path_libraries]` parameter to include a remote shell. The vulnerability affects multiple PHP files in the application.

Description

Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs and Vincent Furia MVCnPHP 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the glConf[path_library] parameter to (1) BaseCommand.php, (2) BaseLoader.php, and (3) BaseView.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Drago84 · textwebappsphp

https://www.exploit-db.com/exploits/2173

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in MVCnPHP by manipulating the `glConf[path_libraries]` parameter to include a remote shell. The vulnerability affects multiple PHP files in the application.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: MVCnPHP 3.0.0

No auth needed

Prerequisites: Remote shell accessible via HTTP · Target server with vulnerable MVCnPHP installation

MITRE ATT&CK