CVE-2006-4672
ppalCart 2.5 EE - Remote Code Execution via proMod or docroot Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-4672. PoCs published by momo26.
AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in ppalCart 2.5 EE. The vulnerability allows an attacker to include and execute arbitrary remote PHP files via the 'proMod' or 'docroot' parameters in index.php or mainpage.php.
Description
PHP remote file inclusion vulnerability in profitCode ppalCart 2.5 EE, possibly a component of PayProCart, allows remote attackers to execute arbitrary PHP code via a URL in the (1) proMod parameter to (a) index.php, or the (2) docroot parameter to (b) index.php or (c) mainpage.php.
Exploits (1)
This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in ppalCart 2.5 EE. The vulnerability allows an attacker to include and execute arbitrary remote PHP files via the 'proMod' or 'docroot' parameters in index.php or mainpage.php.