CVE-2006-4607

Longino Jacome php-Revista 1.1.2 - Unauthenticated Authentication Bypass via ID_ADMIN and SUPER_ADMIN Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4607. PoCs published by SirDarckCat.

AI-analyzed exploit summary This is a writeup detailing multiple vulnerabilities in Revista 1.1.2, including Remote File Inclusion, SQL Injection, Credentials Bypass, and XSS. It provides URLs for exploitation but lacks executable code.

Description

admin/index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to bypass authentication controls by setting the ID_ADMIN and SUPER_ADMIN parameters to 1.

Exploits (1)

exploitdb WRITEUP VERIFIED

by SirDarckCat · textwebappsphp

https://www.exploit-db.com/exploits/8425

View Code ZIP pw:eip

This is a writeup detailing multiple vulnerabilities in Revista 1.1.2, including Remote File Inclusion, SQL Injection, Credentials Bypass, and XSS. It provides URLs for exploitation but lacks executable code.

Classification

Writeup 90%

Attack Type

Sqli | Xss | Auth Bypass | Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: Revista 1.1.2

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK