Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-4749. PoCs published by KinSize.
AI-analyzed exploit summary: This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in phpATM <= v1.21 due to improper input validation in the 'include_location' parameter. The exploit allows an attacker to include and execute arbitrary remote PHP code by manipulating the parameter in multiple scripts (confirm.php, index.php, login.php).
Description
Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 allow remote attackers to execute arbitrary PHP code via the include_location parameter in (1) activate.php, (2) configure.php, (3) fileop.php, (4) getimg.php, (5) ipblocked.php, (6) register.php, (7) showrecent.php, (8) showtophits.php, (9) usrmanag.php, (10) viewer_bottom.php, (11) viewer_content.php, and (12) viewer_top.php. NOTE: The login.php and confirm.php vectors are already covered by CVE-2006-4594.