CVE-2011-0505
Zwii 2.1.1 - Remote File Inclusion via set[template][value] Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2011-0505. PoCs published by Abdi Mohamed.
AI-analyzed exploit summary The exploit demonstrates a remote file inclusion vulnerability in Zwii v2.1.1 by manipulating the 'set[template][value]' parameter in system.php to include arbitrary files. This allows an attacker to execute remote code by injecting a malicious shell path.
Description
Directory traversal vulnerability in system/system.php in Zwii 2.1.1, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the set[template][value] parameter.
Exploits (1)
The exploit demonstrates a remote file inclusion vulnerability in Zwii v2.1.1 by manipulating the 'set[template][value]' parameter in system.php to include arbitrary files. This allows an attacker to execute remote code by injecting a malicious shell path.