CVE-2006-7024
Harpia CMS < 1.0.5 - Remote File Inclusion via Multiple Parameters
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-7024. PoCs published by Kw3[R]Ln.
AI-analyzed exploit summary: This exploit demonstrates multiple remote file inclusion vulnerabilities in Harpia CMS <= 1.0.5. It allows an attacker to include arbitrary remote files via manipulated parameters in various PHP scripts, potentially leading to remote code execution.
Description
Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) func_prog parameter to (a) preload.php and (b) index.php; (2) header_prog parameter to (c) missing.php and (d) email.php, (e) files.php, (f) headlines.php, (g) search.php, (h) topics.php, and (i) users.php in _mods/; (3) theme_root parameter to (j) footer.php, (k) header.php, (l) pfooter.php, and (m) pheader.php in _inc; (4) mod_root parameter to _inc/header.php; and the (5) mod_dir and (6) php_ext parameters to (n) _inc/web_statsConfig.php.