CVE-2006-6045

Comdev One Admin Pro 4.1 - Remote File Inclusion via path[skin] Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6045. PoCs published by w4ck1ng.

AI-analyzed exploit summary This exploit targets CVE-2006-6045, a remote command execution vulnerability in Comdev One Admin 4.1. It leverages a file inclusion flaw in adminfoot.php to inject a base64-encoded shellcode and execute arbitrary commands via log poisoning.

Description

Multiple PHP remote file inclusion vulnerabilities in Comdev One Admin Pro 4.1 allow remote attackers to execute arbitrary PHP code via a URL in the path[skin] parameter to (1) adminfoot.php, (2) adminhead.php, or (3) adminlogin.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by w4ck1ng · phpwebappsphp

https://www.exploit-db.com/exploits/2573

View Code ZIP pw:eip

This exploit targets CVE-2006-6045, a remote command execution vulnerability in Comdev One Admin 4.1. It leverages a file inclusion flaw in adminfoot.php to inject a base64-encoded shellcode and execute arbitrary commands via log poisoning.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Comdev One Admin 4.1

No auth needed

Prerequisites: register_globals enabled · magic_quotes_gpc disabled · accessible Apache logs

MITRE ATT&CK