CVE-2006-5154

DeluxeBB <= 1.09 - Remote File Inclusion via cp/sig.php templatefolder Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5154. PoCs published by r0ut3r.

AI-analyzed exploit summary The exploit describes a remote file inclusion vulnerability in DeluxeBB 1.09 due to improper input sanitization. An attacker can include arbitrary remote files via the 'templatefolder' parameter in the 'sig.php' script.

Description

PHP remote file inclusion vulnerability in cp/sig.php in DeluxeBB 1.09 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatefolder parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by r0ut3r · textwebappsphp

https://www.exploit-db.com/exploits/28736

View Code ZIP pw:eip

The exploit describes a remote file inclusion vulnerability in DeluxeBB 1.09 due to improper input sanitization. An attacker can include arbitrary remote files via the 'templatefolder' parameter in the 'sig.php' script.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: DeluxeBB 1.09

No auth needed

Prerequisites: Access to the target URL · Ability to host a malicious PHP file on a remote server

MITRE ATT&CK