CVE-2006-4957
MyReview 1.9.4 - SQL Injection via Admin.php Email Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-4957. PoCs published by STILPU.
AI-analyzed exploit summary
This exploit targets a SQL injection vulnerability in MyReview 1.9.4, allowing an attacker to write a PHP shell to the server's filesystem. The exploit first retrieves the local path via error-based SQL injection, then writes a shell to a writable directory, and finally provides a command execution interface.
Description
SQL injection vulnerability in the GetMember function in functions.php in MyReview 1.9.4 allows remote attackers to execute arbitrary SQL commands via the email parameter to Admin.php.