CVE-2006-4834

phpQuiz 0.01 - Remote File Inclusion via index.php pagename Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4834. PoCs published by Solpot.

AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in phpQuiz v0.01 due to improper input validation of the 'pagename' parameter. An attacker can include arbitrary PHP code from external resources, leading to remote code execution.

Description

PHP remote file inclusion vulnerability in index.php in Jule Slootbeek phpQuiz 0.01 allows remote attackers to execute arbitrary PHP code via a URL in the pagename parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Solpot · textwebappsphp

https://www.exploit-db.com/exploits/2366

View Code ZIP pw:eip

This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in phpQuiz v0.01 due to improper input validation of the 'pagename' parameter. An attacker can include arbitrary PHP code from external resources, leading to remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: phpQuiz v0.01

No auth needed

Prerequisites: PHP installation with allow_url_include enabled · Network access to the target application

MITRE ATT&CK