CVE-2006-5866

phpmanta < 1.0.2 - Directory Traversal via File Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5866. PoCs published by ajann.

AI-analyzed exploit summary This exploit targets a Local File Include (LFI) vulnerability in phpManta Mdoc <= 1.0.2 via the view-sourcecode.php script. It injects PHP code into Apache log files and then includes the log file to execute arbitrary commands.

Description

Directory traversal vulnerability in Mdoc/view-sourcecode.php for phpManta 1.0.2 and earlier allows remote attackers to read and include arbitrary files via ".." sequences in the file parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · perlwebappsphp

https://www.exploit-db.com/exploits/2748

View Code ZIP pw:eip

This exploit targets a Local File Include (LFI) vulnerability in phpManta Mdoc <= 1.0.2 via the view-sourcecode.php script. It injects PHP code into Apache log files and then includes the log file to execute arbitrary commands.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: phpManta Mdoc <= 1.0.2

No auth needed

Prerequisites: Apache log file write access · LFI vulnerability in view-sourcecode.php

MITRE ATT&CK