CVE-2006-6047
Etomite 0.6.1.2 - Authenticated Path Traversal and Arbitrary File Execution via Manager Index f Parameter
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-6047. PoCs published by Revenge.
AI-analyzed exploit summary: This exploit targets a file inclusion vulnerability in Etomite CMS 0.6.1.2, allowing remote command execution by injecting malicious PHP code into log files and including them via the 'f' parameter. It requires valid admin credentials to authenticate and exploit the vulnerability.
Description
Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.