CVE-2006-5634

phpProfiles < 2.1_beta - Remote Code Execution via reqpath or usrinc Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5634. PoCs published by v1per-haCker.

AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in phpProfiles v2.1 Beta. It allows an attacker to include arbitrary remote files via manipulated HTTP requests to specific PHP scripts.

Description

Multiple PHP remote file inclusion vulnerabilities in phpProfiles 2.1 Beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) reqpath parameter to (a) body.inc.php and (b) body_blog.inc.php in users/include/; or the (2) usrinc parameter in users/include/upload_ht.inc.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by v1per-haCker · textwebappsphp

https://www.exploit-db.com/exploits/2688

View Code ZIP pw:eip

This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in phpProfiles v2.1 Beta. It allows an attacker to include arbitrary remote files via manipulated HTTP requests to specific PHP scripts.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: phpProfiles v2.1 Beta

No auth needed

Prerequisites: Network access to the target application · Remote file hosting location

MITRE ATT&CK