CVE-2006-5517

Rhode Island Open Meetings Filing System - Remote Code Execution via PROJECT_ROOT Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5517. PoCs published by Mehmet Ince.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in Open Meetings Filing Application by manipulating the PROJECT_ROOT parameter to include arbitrary remote scripts. The PoC provides multiple endpoints where the vulnerability can be triggered.

Description

Multiple PHP remote file inclusion vulnerabilities in Rhode Island Open Meetings Filing Application (OMFA) allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to (1) editmeetings/session.php, (2) email/session.php, (3) entityproperties/session.php, or (4) inc/mail.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mehmet Ince · textwebappsphp

https://www.exploit-db.com/exploits/2609

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in Open Meetings Filing Application by manipulating the PROJECT_ROOT parameter to include arbitrary remote scripts. The PoC provides multiple endpoints where the vulnerability can be triggered.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Open Meetings Filing Application (version not specified)

No auth needed

Prerequisites: Remote file inclusion must be enabled on the target server · Attacker-controlled server hosting malicious script

MITRE ATT&CK