CVE-2006-4456
phpecard < 2.1.4 - Remote File Inclusion via include_path Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-4456. PoCs published by LeAk.
AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in phpECard's functions.php by manipulating the 'include_path' parameter to include a remote malicious script. The attack allows arbitrary code execution if allow_url_include is enabled.
Description
PHP remote file inclusion vulnerability in functions.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
Exploits (1)
This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in phpECard's functions.php by manipulating the 'include_path' parameter to include a remote malicious script. The attack allows arbitrary code execution if allow_url_include is enabled.