CVE-2006-5837

SimpleChat 1.0.0 - Static Code Injection via chat_panel.php msg Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5837. PoCs published by nuffsaid.

AI-analyzed exploit summary This exploit demonstrates a remote code execution vulnerability in iWare Pro CMS <= 5.0.4 due to unsanitized input in the chat_panel.php file. The PoC shows how arbitrary PHP code can be written to chat_log.php via the msg parameter, leading to RCE.

Description

Static code injection vulnerability in chat_panel.php in the SimpleChat 1.0.0 module for iWare Professional CMS allows remote attackers to inject arbitrary PHP code into chat_log.php via the msg parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by nuffsaid · textwebappsphp

https://www.exploit-db.com/exploits/2733

View Code ZIP pw:eip

This exploit demonstrates a remote code execution vulnerability in iWare Pro CMS <= 5.0.4 due to unsanitized input in the chat_panel.php file. The PoC shows how arbitrary PHP code can be written to chat_log.php via the msg parameter, leading to RCE.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: iWare Professional CMS <= 5.0.4

No auth needed

Prerequisites: Access to the chat_panel.php endpoint · Ability to send HTTP requests to the target

MITRE ATT&CK