PHP Remote File Inclusion Vulnerability in WAHM E-Commerce Pie Cart Pro
CVE-2006-4970

Currently unrated

Key Information:

Vendor: Wahm E-commerce
Status: Pie Cart Pro
Vendor: CVE Published:; 25 September 2006

🔔 Create Wahm E-commerce Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2006-4970?

The WAHM E-Commerce Pie Cart Pro is affected by a PHP remote file inclusion vulnerability found in the enc/content.php file. This flaw allows remote attackers to execute arbitrary PHP code on the affected system through the manipulation of the Home_Path parameter. Successful exploitation could lead to unauthorized access and control over the impacted web application, posing significant security risks to users and their data.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2006-4970 - Proof of Concept

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/29021

vdb-entryx_refsource_XF

http://securityreason.com/securityalert/1624

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/bid/20112

vdb-entryx_refsource_BID

EPSS Score

6% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Sep 25, 2006
👾
Exploit known to exist
Sep 25, 2006
Vulnerability published
Sep 25, 2006
Vulnerability Reserved
Sep 24, 2006

CVE-2006-4970 Data

JSON