CVEs-PoC/2006/CVE-2006-2315.md

CVE-2006-2315

Description

PHP remote file inclusion vulnerability in session.inc.php in ISPConfig 2.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the go_info[server][classes_root] parameter. NOTE: the vendor has disputed this vulnerability, saying that session.inc.php is not under the web root in version 2.2, and register_globals is not enabled

POC

Reference

• https://www.exploit-db.com/exploits/1762

Github

No PoCs found on GitHub currently.