CVE-2006-5471

Softerra PHP Developer Library < 1.5.3 - Remote File Inclusion via cfg_dir or lib_dir Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5471. PoCs published by k1tk4t.

AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in PHPLibrary <= 1.5.3. The vulnerability allows an attacker to include a remote file via the 'cfg_dir' parameter in 'grid3.lib.php', leading to potential remote code execution.

Description

PHP remote file inclusion vulnerability in example/lib/grid3.lib.php in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the (1) cfg_dir and (2) lib_dir parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by k1tk4t · textwebappsphp

https://www.exploit-db.com/exploits/2511

View Code ZIP pw:eip

This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in PHPLibrary <= 1.5.3. The vulnerability allows an attacker to include a remote file via the 'cfg_dir' parameter in 'grid3.lib.php', leading to potential remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: PHPLibrary <= 1.5.3

No auth needed

Prerequisites: Remote file hosting with malicious payload · Network access to the target

MITRE ATT&CK