CVE-2006-4498

PhpAlbum 2.15 - Remote File Inclusion via chemin Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4498. PoCs published by Mehmet Ince.

AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Portail PHP mod_phpalbum 2.15. The vulnerability arises from insecure inclusion of a remote file via the 'chemin' parameter in 'sommaire_admin.php'.

Description

PHP remote file inclusion vulnerability in sommaire_admin.php in PhpAlbum (mod_phpalbum) 2.15 for PortailPHP allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter, a different vector than CVE-2006-3922.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mehmet Ince · textwebappsphp

https://www.exploit-db.com/exploits/2271

View Code ZIP pw:eip

This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Portail PHP mod_phpalbum 2.15. The vulnerability arises from insecure inclusion of a remote file via the 'chemin' parameter in 'sommaire_admin.php'.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Portail PHP mod_phpalbum 2.15

No auth needed

Prerequisites: Remote file hosting with malicious PHP code · Network access to the target

MITRE ATT&CK