Vulnerabilities > CVE-2006-6796 - Remote File Include vulnerability in MTCMS Admin_Settings.PHP

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
mtcms
exploit available

Summary

PHP remote file inclusion vulnerability in admin/admin_settings.php in MTCMS 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ins_file parameter.

Vulnerable Configurations

Part Description Count
Application
Mtcms
1

Exploit-Db

descriptionMTCMS <= 2.0 (admin/admin_settings.php) Remote File Include Exploit. CVE-2006-6796. Webapps exploit for php platform
fileexploits/php/webapps/3005.pl
idEDB-ID:3005
last seen2016-01-31
modified2006-12-25
platformphp
port
published2006-12-25
reporternuffsaid
sourcehttps://www.exploit-db.com/download/3005/
titleMTCMS <= 2.0 admin/admin_settings.php Remote File Include Exploit
typewebapps