CVE-2006-6966
phpgraphy < 0.9.13 - Remote Code Execution via Config File Upload
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-6966. PoCs published by rgod.
AI-analyzed exploit summary This exploit targets PHPGraphy 0.9.12 by leveraging an authentication bypass and file upload vulnerability to achieve remote command execution. It resets the admin password, logs in, and uploads a malicious PHP shell to execute arbitrary commands via the CLIENT-IP header.
Description
phpGraphy before 0.9.13a does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a config.php file via the pictures[] parameter to index.php. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpGraphy.
Exploits (1)
This exploit targets PHPGraphy 0.9.12 by leveraging an authentication bypass and file upload vulnerability to achieve remote command execution. It resets the admin password, logs in, and uploads a malicious PHP shell to execute arbitrary commands via the CLIENT-IP header.