CVE-2006-4637

ACGV News 0.9.1 - Remote Code Execution via PathNews Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4637. PoCs published by ddoshomo.

AI-analyzed exploit summary This is a writeup describing a Remote File Include (RFI) vulnerability in ACGV News v0.9.1. It provides the vulnerable URL parameter but does not include functional exploit code.

Description

Multiple PHP remote file inclusion vulnerabilities in ACGV News 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the PathNews parameter in (1) header.php or (2) news.php. NOTE: portions of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by ddoshomo · textwebappsphp

https://www.exploit-db.com/exploits/2324

View Code ZIP pw:eip

This is a writeup describing a Remote File Include (RFI) vulnerability in ACGV News v0.9.1. It provides the vulnerable URL parameter but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: ACGV News v0.9.1

No auth needed

Prerequisites: A vulnerable ACGV News v0.9.1 installation · Ability to host a malicious shell script on a remote server

MITRE ATT&CK