CVE-2006-5115 - Local File Include vulnerability in KGB 1.87
Attack vector | NETWORK |
Attack complexity | HIGH |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Directory traversal vulnerability in kgcall.php in KGB 1.87 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the engine parameter, as demonstrated by uploading a file containing PHP code with an image/jpeg content type, and then referencing this file through the engine parameter.
Exploit-Db
description | KGB 1.87 (Local Inclusion) Remote Code Execution Exploit. CVE-2006-5115. Webapps exploit for php platform |
file | exploits/php/webapps/2447.php |
id | EDB-ID:2447 |
last seen | 2016-01-31 |
modified | 2006-09-28 |
platform | php |
port | |
published | 2006-09-28 |
reporter | Kacper |
source | https://www.exploit-db.com/download/2447/ |
title | KGB 1.87 Local Inclusion Remote Code Execution Exploit |
type | webapps |