CVE-2006-4583
FlashChat < 4.6.1_beta - Remote Code Execution via dir[inc] Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-4583. PoCs published by NeXtMaN.
AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Flashchat, specifically in three files within the `/inc/cmses/` directory. The vulnerability allows an attacker to include and execute arbitrary remote files by manipulating the `dir[inc]` parameter.
Description
Multiple PHP remote file inclusion vulnerabilities in FlashChat before 4.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/cmses/aedatingCMS.php, (2) inc/cmses/aedatingCMS2.php, or (3) inc/cmses/aedating4CMS.php.
Exploits (1)
This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Flashchat, specifically in three files within the `/inc/cmses/` directory. The vulnerability allows an attacker to include and execute arbitrary remote files by manipulating the `dir[inc]` parameter.