CVE-2006-5894

Rama CMS < 0.68 - Directory Traversal via Lang Cookie

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5894. PoCs published by Kacper.

AI-analyzed exploit summary This exploit targets a Local File Include (LFI) vulnerability in Rama CMS <= 0.68 via the 'lang' cookie parameter. It injects malicious PHP code into log files and then includes them to achieve remote code execution (RCE).

Description

Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kacper · phpwebappsphp

https://www.exploit-db.com/exploits/2760

View Code ZIP pw:eip

This exploit targets a Local File Include (LFI) vulnerability in Rama CMS <= 0.68 via the 'lang' cookie parameter. It injects malicious PHP code into log files and then includes them to achieve remote code execution (RCE).

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Rama CMS v.0.68

No auth needed

Prerequisites: register_globals=On · access to log files

MITRE ATT&CK