CVE-2006-4921

Site@School <2.4.03 - RCE

Title source: llm

Description

PHP remote file inclusion vulnerability in Site@School (S@S) 2.4.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to starnet/modules/include/include.php. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC

perlwebappsphp

https://www.exploit-db.com/exploits/2374

View Code ZIP pw:eip

References (5)

[Mailing List] http://marc.info/?l=bugtraq&m=115869368313367&w=2

[Vendor Advisory] http://secunia.com/advisories/21975

[Third Party Advisory, VDB Entry] http://www.osvdb.org/28941

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1016887

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/3664

Scores

EPSS 0.0425

EPSS Percentile 88.8%

Details

Status published

Products (2)

siteatschool/siteatschool 2.4.02

siteatschool/siteatschool < 2.4.03

Published Sep 21, 2006

Tracked Since Feb 18, 2026