CVE-2006-5421
WSN Forum < 1.3.4 - Remote Code Execution via Avatar Image Path Manipulation
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-5421. PoCs published by Kacper.
AI-analyzed exploit summary
This exploit targets a remote file inclusion vulnerability in WSN Forum <= 1.3.4 by injecting a malicious PHP shell via the 'pathtoconfig' parameter. It allows arbitrary command execution by leveraging a crafted avatar upload and subsequent RFI.
Description
WSN Forum 1.3.4 and earlier allows remote attackers to execute arbitrary PHP code via a modified pathname in the pathtoconfig parameter that points to an avatar image that contains PHP code, which is then accessed from prestart.php. NOTE: this issue has been labeled remote file inclusion, but that label only applies to the attack, not the underlying vulnerability.