CVE-2006-4610

GrapAgenda < 0.11 - Remote File Inclusion via index.php page Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4610. PoCs published by Kurdish Security.

AI-analyzed exploit summary This exploit demonstrates a file inclusion vulnerability in GrapAgenda 0.1, allowing remote code execution by manipulating the 'page' parameter to include arbitrary files. The PoC shows how an attacker can execute system commands via a remote file inclusion attack.

Description

PHP remote file inclusion vulnerability in index.php in GrapAgenda 0.11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the page parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kurdish Security · textwebappsphp

https://www.exploit-db.com/exploits/2304

View Code ZIP pw:eip

This exploit demonstrates a file inclusion vulnerability in GrapAgenda 0.1, allowing remote code execution by manipulating the 'page' parameter to include arbitrary files. The PoC shows how an attacker can execute system commands via a remote file inclusion attack.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: GrapAgenda 0.1

No auth needed

Prerequisites: Target must have GrapAgenda 0.1 installed · Remote file inclusion must be enabled on the server

MITRE ATT&CK