CVE-2006-4311

Sonium Enterprise Adressbook 0.2 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4311. PoCs published by Philipp Niedziela.

AI-analyzed exploit summary This is a writeup detailing a Remote File Inclusion (RFI) vulnerability in Sonium Enterprise Adressbook Version 0.2. The vulnerability arises from unsanitized user input in the 'folder' parameter, allowing remote file execution.

Description

PHP remote file inclusion vulnerability in Sonium Enterprise Adressbook 0.2 allows remote attackers to execute arbitrary PHP code via the folder parameter in multiple files in the plugins directory, as demonstrated by plugins/1_Adressbuch/delete.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Philipp Niedziela · textwebappsphp

https://www.exploit-db.com/exploits/2216

View Code ZIP pw:eip

This is a writeup detailing a Remote File Inclusion (RFI) vulnerability in Sonium Enterprise Adressbook Version 0.2. The vulnerability arises from unsanitized user input in the 'folder' parameter, allowing remote file execution.

Classification

Writeup 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Sonium Enterprise Adressbook Version 0.2

No auth needed

Prerequisites: Access to the target application · Ability to craft a malicious URL with a remote script

MITRE ATT&CK