CVE-2006-6546

cutenews_aj-fork 167f - Remote File Inclusion via cutepath Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6546. PoCs published by DeltahackingTEAM.

AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in CuteNews aj-fork 1.6.7. The vulnerable code includes a file path controlled by the 'cutepath' parameter, allowing an attacker to include a remote shell.

Description

PHP remote file inclusion vulnerability in inc/shows.inc.php in cutenews aj-fork (CN:AJ) 167f and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by DeltahackingTEAM · textwebappsphp

https://www.exploit-db.com/exploits/2891

View Code ZIP pw:eip

This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in CuteNews aj-fork 1.6.7. The vulnerable code includes a file path controlled by the 'cutepath' parameter, allowing an attacker to include a remote shell.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: CuteNews aj-fork 1.6.7

No auth needed

Prerequisites: Remote shell accessible via HTTP · Target application with vulnerable 'cutepath' parameter

MITRE ATT&CK