CVE-2006-6341

mg.applanix < 1.3.1 - Remote File Inclusion via apx_root_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6341. PoCs published by v1per-haCker.

AI-analyzed exploit summary This is a writeup describing a Remote File Inclusion (RFI) vulnerability in mg.applanix version 1.3.1. It provides URLs for exploitation but does not include functional exploit code.

Description

Multiple PHP remote file inclusion vulnerabilities in mg.applanix 1.3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the apx_root_path parameter to (1) act/act_check_access.php, (2) dsp/dsp_form_booking_ctl.php, and (3) dsp/dsp_bookings.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by v1per-haCker · textwebappsphp

https://www.exploit-db.com/exploits/2794

View Code ZIP pw:eip

This is a writeup describing a Remote File Inclusion (RFI) vulnerability in mg.applanix version 1.3.1. It provides URLs for exploitation but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: mg.applanix 1.3.1

No auth needed

Prerequisites: Network access to the target application · Ability to host a malicious file on a remote server

MITRE ATT&CK