CVE-2006-5281

n@board < 3.1.9e - Remote File Inclusion via Skin Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5281. PoCs published by mdx.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in n@board versions 3.1.9e, 3.1.8cgb, and 3.1.8tc. The vulnerability allows an attacker to include a remote file via the 'skin' parameter in naboard_pnr.php.

Description

PHP remote file inclusion vulnerability in naboard_pnr.php in n@board 3.1.9e and earlier allows remote attackers to execute arbitrary PHP code via a URL in the skin parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by mdx · textwebappsphp

https://www.exploit-db.com/exploits/2514

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in n@board versions 3.1.9e, 3.1.8cgb, and 3.1.8tc. The vulnerability allows an attacker to include a remote file via the 'skin' parameter in naboard_pnr.php.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: n@board v3.1.9e, 3.1.8cgb, 3.1.8tc

No auth needed

Prerequisites: Target must have allow_url_include enabled in PHP configuration

MITRE ATT&CK