CVE-2006-4240

Fusion News 3.7 - Remote File Inclusion via fpath Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4240. PoCs published by O.U.T.L.A.W.

AI-analyzed exploit summary This Perl script exploits a remote file inclusion vulnerability in Fusion News v3.7 by injecting a malicious remote file via the 'fpath' parameter. It establishes a shell-like interface to execute arbitrary commands on the target system.

Description

PHP remote file inclusion vulnerability in index.php in Fusion News 3.7 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by O.U.T.L.A.W · perlwebappsphp

https://www.exploit-db.com/exploits/28394

View Code ZIP pw:eip

This Perl script exploits a remote file inclusion vulnerability in Fusion News v3.7 by injecting a malicious remote file via the 'fpath' parameter. It establishes a shell-like interface to execute arbitrary commands on the target system.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Fusion News v3.7

No auth needed

Prerequisites: Remote command shell accessible via HTTP · Target server with vulnerable Fusion News installation

MITRE ATT&CK