CVE-2006-4605

Longino Jacome php-Revista 1.1.2 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-4605. PoCs published by SirDarckCat, Cold Zero.

AI-analyzed exploit summary This is a writeup detailing multiple vulnerabilities in Revista 1.1.2, including Remote File Inclusion, SQL Injection, Credentials Bypass, and XSS. It provides URLs for exploitation but lacks executable code.

Description

PHP remote file inclusion vulnerability in index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to execute arbitrary PHP code via the adodb parameter.

Exploits (2)

exploitdb WRITEUP VERIFIED

by SirDarckCat · textwebappsphp

https://www.exploit-db.com/exploits/8425

View Code ZIP pw:eip

This is a writeup detailing multiple vulnerabilities in Revista 1.1.2, including Remote File Inclusion, SQL Injection, Credentials Bypass, and XSS. It provides URLs for exploitation but lacks executable code.

Classification

Writeup 90%

Attack Type

Sqli | Xss | Auth Bypass | Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: Revista 1.1.2

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Cold Zero · textwebappsphp

https://www.exploit-db.com/exploits/2890

View Code ZIP pw:eip

This exploit demonstrates a Remote File Include (RFI) vulnerability in php-revista <= 1.1.2, allowing an attacker to include arbitrary remote files via the 'adodb' parameter in multiple index.php files. The PoC provides URLs to trigger the vulnerability.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: php-revista <= 1.1.2

No auth needed

Prerequisites: Remote file hosting with malicious payload · Network access to the target

MITRE ATT&CK