CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-05-22 22:19:39 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
2ef066380cb36dba2e454190ca2349fcff6ca2df
CVEs-PoC/2006/CVE-2006-0644.md
T
0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00

1023 B
Raw Blame History

CVE-2006-0644

Description

Multiple directory traversal vulnerabilities in install.php in CPG-Nuke Dragonfly CMS (aka CPG Dragonfly CMS) 9.0.6.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in (1) the newlang parameter and (2) the installlang parameter in a cookie, as demonstrated by using error.php to insert malicious code into a log file, or uploading a malicious .png file, which is then included using install.php.

POC

Reference

Github

No PoCs found on GitHub currently.

Reference in New Issue View Git Blame Copy Permalink