CVE-2006-4966

chumpsoft phpQuestionnaire <3.12 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4966. PoCs published by Solpot.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in phpQuestionnaire 3.12 due to improper verification of the GLOBALS[phpQRootDir] parameter. It allows arbitrary PHP code execution by including files from external resources.

Description

PHP remote file inclusion vulnerability in inc/ifunctions.php in chumpsoft phpQuestionnaire (phpQ) 3.12 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[phpQRootDir] parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Solpot · textwebappsphp

https://www.exploit-db.com/exploits/2410

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in phpQuestionnaire 3.12 due to improper verification of the GLOBALS[phpQRootDir] parameter. It allows arbitrary PHP code execution by including files from external resources.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: phpQuestionnaire 3.12

No auth needed

Prerequisites: Network access to the target application · PHP remote file inclusion enabled on the server

MITRE ATT&CK