CVE-2006-5148
Forum82 < 2.5.2b - Remote File Inclusion via Repertorylevel Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-5148. PoCs published by Silahsiz Kuvvetler.
AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Forum82 <= v2.5.2b. The vulnerability arises from insecure usage of the 'repertorylevel' parameter in multiple PHP files, allowing an attacker to include and execute remote malicious scripts.
Description
Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php, (2) message.php, (3) member.php, (4) mail.php, (5) lostpassword.php, (6) gesfil.php, (7) forum82lib.php3, and other unspecified scripts.
Exploits (1)
This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Forum82 <= v2.5.2b. The vulnerability arises from insecure usage of the 'repertorylevel' parameter in multiple PHP files, allowing an attacker to include and execute remote malicious scripts.