CVE-2006-6516
KDPics < 1.16 - Remote File Inclusion via Page or Lib Path Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-6516. PoCs published by AsTrex.
AI-analyzed exploit summary
This exploit demonstrates a Remote File Include (RFI) vulnerability in KDPics <= 2006, specifically in the 'lib/exifer/exif.php' file. The attacker can include and execute arbitrary remote code by manipulating the 'lib_path' parameter.
Description
Multiple PHP remote file inclusion vulnerabilities in KDPics 1.16 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) page parameter to (a) index.php3, or the (2) lib_path parameter to (b) authenticate.inc.php3 or (c) lib/exifer/exif.php.