CVE-2006-4418

Wikepage 2006.2a Opus 10 - Directory Traversal via lng Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4418. PoCs published by Hessam-x.

AI-analyzed exploit summary This exploit targets a PHP code injection vulnerability in WIKEPAGE <= V2006.2a. It injects malicious PHP code into the server's log files via HTTP headers and then executes arbitrary commands by including the log file.

Description

Directory traversal vulnerability in index.php for Wikepage 2006.2a Opus 10 allows remote attackers to include arbitrary local files via the lng parameter, as demonstrated by inserting PHP code into a log file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Hessam-x · perlwebappsphp

https://www.exploit-db.com/exploits/2252

View Code ZIP pw:eip

This exploit targets a PHP code injection vulnerability in WIKEPAGE <= V2006.2a. It injects malicious PHP code into the server's log files via HTTP headers and then executes arbitrary commands by including the log file.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WIKEPAGE <= V2006.2a

No auth needed

Prerequisites: Target server running WIKEPAGE <= V2006.2a · Access to the target server's web interface · Knowledge of common Apache log file paths

MITRE ATT&CK