CVE-2006-4823

Reamday Enterprises Magic News Pro <1.0.3 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4823. PoCs published by Saudi Hackrz.

AI-analyzed exploit summary This exploit targets a Remote File Inclusion (RFI) vulnerability in Magic News Pro v1.0.3 via the 'script_path' parameter in 'news_page.php'. The PoC demonstrates how an attacker can include a remote shell by manipulating the parameter.

Description

PHP remote file inclusion vulnerability in scripts/news_page.php in Reamday Enterprises Magic News Pro 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Saudi Hackrz · webappsphp

https://www.exploit-db.com/exploits/2363

View Code ZIP pw:eip

This exploit targets a Remote File Inclusion (RFI) vulnerability in Magic News Pro v1.0.3 via the 'script_path' parameter in 'news_page.php'. The PoC demonstrates how an attacker can include a remote shell by manipulating the parameter.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Magic News Pro v1.0.3

No auth needed

Prerequisites: Remote shell URL · Target server with vulnerable Magic News Pro installation

MITRE ATT&CK