PHP Remote File Inclusion Vulnerabilities in Harpia CMS by Harpia
CVE-2006-7024

Currently unrated

Key Information:

Vendor: Harpia
Status: Harpia Cms
Vendor: CVE Published:; 15 February 2007

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2006-7024?

Harpia CMS versions 1.0.5 and earlier are susceptible to multiple PHP remote file inclusion vulnerabilities. These vulnerabilities can be exploited by remote attackers to execute arbitrary PHP code. Attackers can manipulate parameters like 'func_prog', 'header_prog', 'theme_root', 'mod_root', 'mod_dir', and 'php_ext' in various scripts such as preload.php, index.php, missing.php, email.php, and several others. Successful exploitation of these flaws can lead to serious security breaches, compromising the integrity of the web application.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2006-7024 - Proof of Concept

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/27308

vdb-entryx_refsource_XF

https://www.exploit-db.com/exploits/1943

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/18614

vdb-entryx_refsource_BID

EPSS Score

5% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Feb 15, 2007
👾
Exploit known to exist
Feb 15, 2007
Vulnerability published
Feb 15, 2007
Vulnerability Reserved
Feb 14, 2007

CVE-2006-7024 Data

JSON