CVE-2006-4837

EXPLOITED

DCP-Portal SE 6.0 - Remote File Inclusion via Root Parameter

Title source: llm

Exploitation Summary

CVE-2006-4837 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Federico Fazzi.

AI-analyzed exploit summary: The advisory describes a remote command execution vulnerability in DCP-Portal 6.1.x due to an unsanitized $root variable in lib.php. The PoC demonstrates how an attacker can manipulate the $root variable to execute arbitrary commands via URL injection.

Description

Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Federico Fazzi · text · webapps · php
https://www.exploit-db.com/exploits/1905

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: DCP-Portal 6.1.x
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/445996/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/437510/100/200/threaded
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20024
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1585
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/1905

Scores

EPSS 0.0132
EPSS Percentile 80.4%

Details

VulnCheck KEV 2025-11-10
Status published
Products (1)
codeworx_technologies/dcp-portal se_6.0
Published Sep 15, 2006
Tracked Since Feb 18, 2026