CVE-2006-7070
Etomite < 0.6.1 - Unauthenticated Arbitrary File Upload via rfiles.php nfile Parameter
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-7070. PoCs published by rgod.
AI-analyzed exploit summary: This exploit targets a file upload vulnerability in Etomite CMS <= 0.6.1, allowing remote command execution by uploading a malicious PHP file disguised as an image and renaming it to execute arbitrary commands.
Description
Unrestricted file upload vulnerability in manager/media/ibrowser/scripts/rfiles.php in Etomite CMS 0.6.1 and earlier allows remote attackers to upload and execute arbitrary files via an nfile[] parameter with a filename that contains a .php extension followed by a valid image extension such as .gif or .jpg, then calling the rename function.