CVE-2006-5186

phpmyprofiler < 0.9.6 - Remote File Inclusion via pmp_rel_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5186. PoCs published by mozi.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in phpMyProfiler by manipulating the `pmp_rel_path` parameter to include a remote script. The PoC provides a URL structure to exploit the vulnerability.

Description

PHP remote file inclusion vulnerability in functions.php in phpMyProfiler 0.9.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pmp_rel_path parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by mozi · textwebappsphp

https://www.exploit-db.com/exploits/2470

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in phpMyProfiler by manipulating the `pmp_rel_path` parameter to include a remote script. The PoC provides a URL structure to exploit the vulnerability.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: phpMyProfiler (version not specified)

No auth needed

Prerequisites: Remote script hosting · PHP configuration allowing remote file inclusion

MITRE ATT&CK