CVE-2006-5240

Docmint <2.0 - Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5240. PoCs published by K-159.

AI-analyzed exploit summary This exploit leverages a Remote File Inclusion (RFI) vulnerability in docmint <= 2.0 by manipulating the MY_ENV[BASE_ENGINE_LOC] parameter to include and execute a remote command shell. It sends crafted HTTP requests to achieve remote code execution (RCE).

Description

PHP remote file inclusion vulnerability in engine/require.php in Docmint 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the MY_ENV[BASE_ENGINE_LOC] parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by K-159 · perlwebappsphp

https://www.exploit-db.com/exploits/2493

View Code ZIP pw:eip

This exploit leverages a Remote File Inclusion (RFI) vulnerability in docmint <= 2.0 by manipulating the MY_ENV[BASE_ENGINE_LOC] parameter to include and execute a remote command shell. It sends crafted HTTP requests to achieve remote code execution (RCE).

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: docmint <= 2.0

No auth needed

Prerequisites: Remote command shell accessible via HTTP · Network access to the target

MITRE ATT&CK