CVE-2006-5318

Nayco JASmine - Remote File Inclusion via Section Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5318. PoCs published by DarkFig.

AI-analyzed exploit summary This is a writeup describing a file inclusion vulnerability in Jasmine-Web 0.0.2. The vulnerability allows remote attackers to include arbitrary PHP files via the 'section' parameter due to improper input validation.

Description

PHP remote file inclusion vulnerability in index.php in Nayco JASmine (aka Jasmine-Web) allows remote attackers to execute arbitrary PHP code via an FTP URL in the section parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by DarkFig · textwebappsphp

https://www.exploit-db.com/exploits/2505

View Code ZIP pw:eip

This is a writeup describing a file inclusion vulnerability in Jasmine-Web 0.0.2. The vulnerability allows remote attackers to include arbitrary PHP files via the 'section' parameter due to improper input validation.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Jasmine-Web 0.0.2

No auth needed

Prerequisites: Network access to the target application · The vulnerable parameter must be accessible

MITRE ATT&CK