CVE-2006-4779

Vitrax Premodded phpBB <1.0.6-R3 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4779. PoCs published by CeNGiZ-HaN.

AI-analyzed exploit summary This exploit leverages a file inclusion vulnerability in vitrax premodded phpbb by manipulating the phpbb_root_path parameter to include a remote or local file (phpshell.txt). It allows arbitrary code execution if the attacker can control the included file.

Description

PHP remote file inclusion vulnerability in includes/functions_portal.php in Vitrax Premodded phpBB 1.0.6-R3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by CeNGiZ-HaN · textwebappsphp

https://www.exploit-db.com/exploits/2353

View Code ZIP pw:eip

This exploit leverages a file inclusion vulnerability in vitrax premodded phpbb by manipulating the phpbb_root_path parameter to include a remote or local file (phpshell.txt). It allows arbitrary code execution if the attacker can control the included file.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: vitrax premodded phpbb

No auth needed

Prerequisites: Target must have vitrax premodded phpbb installed · Remote file inclusion must be enabled on the server

MITRE ATT&CK