CVE-2006-5865
MyAlbum < 3.02 - Remote Code Execution via Language File Inclusion
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-5865. PoCs published by Silahsiz Kuvvetler.
AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in MyAlbum <= 3.02 via the 'langs_dir' parameter in 'language.inc.php'. The vulnerable code dynamically includes a file path controlled by user input, allowing remote code execution.
Description
PHP remote file inclusion vulnerability in language.inc.php in MyAlbum 3.02 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the langs_dir parameter.
Exploits (1)
This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in MyAlbum <= 3.02 via the 'langs_dir' parameter in 'language.inc.php'. The vulnerable code dynamically includes a file path controlled by user input, allowing remote code execution.