Exploitation Summary
EIP tracks 1 public exploit for CVE-2011-0506. PoCs published by n0n0x.
AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in axdcms-0.1.1 by manipulating the 'aXconf[default_language]' parameter to include arbitrary files, such as '/etc/passwd'. The vulnerability arises from insecure file inclusion in the 'modules/profile/user.php' script.
Description
Directory traversal vulnerability in modules/profile/user.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers to execute arbitrary code via a .. (dot dot) in the aXconf[default_language] parameter.
Exploits (1)
This exploit demonstrates a Local File Inclusion (LFI) vulnerability in axdcms-0.1.1 by manipulating the 'aXconf[default_language]' parameter to include arbitrary files, such as '/etc/passwd'. The vulnerability arises from insecure file inclusion in the 'modules/profile/user.php' script.