CVE-2006-1551
published 2006-04-13


Priority: P3 (55), severity high. CVSS 2.0 base score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P (network, low complexity, no authentication, partial confidentiality/integrity/availability impact)
Exploit: public exploit available (Metasploit module, see Detection & IOCs below)
EPSS: 36.13% (98.3rd percentile)
Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX 0.5.1 and earlier allows remote attackers to execute arbitrary code via the (1) $method and (2) $args parameters.

Affected

2 ranges

Vendor            Product   Version range   Fixed in
georges_auberger  pajax     (not given)     (not given)
georges_auberger  pajax     (not given)     (not given)

Both ranges list the same vendor and product; the version-range and fixed-in columns are empty on the page. The description gives the affected versions as 0.5.1 and earlier.

Detection & IOCs (extracted from sources)

Path: /pajax/pajax/pajax_call_dispatcher.php
Filename: pajax_call_dispatcher.php
Request: POST /pajax/pajax/pajax_call_dispatcher.php with Content-Type: text/x-json and a 'method' field containing the injected PHP payload
Request body (Metasploit template): { "id": "bb2238f1186dad8d6370d2bab5f290f71", "className": "<MOD>", "method": "add(1,1);<PAYLOAD>;$obj->add", "params": ["1", "5"] }
  • Alert on POST requests to pajax_call_dispatcher.php where the JSON body's 'method' parameter contains characters indicative of PHP eval injection (semicolons, PHP function calls, concatenated statements).
  • Detect attempts to include arbitrary files ending in '.class.php' via PAJAX request parameters, as the vulnerability also enables local file inclusion of that pattern.
  • Look for the static JSON 'id' value 'bb2238f1186dad8d6370d2bab5f290f71' in POST bodies to pajax_call_dispatcher.php; this is a hardcoded Metasploit exploit artifact.
  • The default Metasploit URI path '/pajax/pajax/pajax_call_dispatcher.php' may vary in real deployments; defenders should also monitor any path ending in 'pajax_call_dispatcher.php'.
  • The default PAJAX module name used in the exploit is 'Calculator', but the MOD option is configurable by the attacker, so className in the JSON body should not be relied upon as a sole detection indicator.
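The indicators above, turned into detection logic and run over a handful of request records. This is an added example, not code from the page, the Metasploit module, or the PAJAX project. It assumes a simplified request-log record (method, path, raw JSON body) and that legitimate PAJAX method and class names are bare PHP identifiers; the four sample requests are constructed, with the Metasploit-shaped one built from the template quoted above.

```python
"""Detection logic for CVE-2006-1551 (PAJAX eval injection) request bodies.

Added example; assumptions: log records are dicts with 'method', 'path' and
a raw JSON 'body', and benign PAJAX method/class names are bare identifiers.
"""
import json
import re
from typing import Dict, List

DISPATCHER = "pajax_call_dispatcher.php"          # match any path ending here
MSF_ID = "bb2238f1186dad8d6370d2bab5f290f71"      # hardcoded Metasploit 'id'

# Bare PHP identifier: what a legitimate 'method' or 'className' looks like (assumption).
IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
# PHP statement separators, calls, variables, object access, or dangerous builtins.
INJECTION_HINTS = re.compile(
    r"[;()$`]|->|\b(?:eval|system|exec|passthru|shell_exec|include|require)\b")


def analyze(req: Dict) -> List[str]:
    """Return the names of the indicators that fire for one request record."""
    findings: List[str] = []
    if req.get("method") != "POST" or not req.get("path", "").endswith(DISPATCHER):
        return findings                       # rule scoped to POSTs to the dispatcher
    try:
        body = json.loads(req.get("body", ""))
    except ValueError:
        return ["unparseable_json_body"]
    if not isinstance(body, dict):
        return ["non_object_json_body"]

    # Indicator 3: the static Metasploit request id.
    if body.get("id") == MSF_ID:
        findings.append("metasploit_static_id")

    # Indicator 1: statements smuggled into the 'method' field that gets eval'd.
    method = str(body.get("method", ""))
    if method and not IDENT.match(method) and INJECTION_HINTS.search(method):
        findings.append("method_eval_injection")

    # Indicator 2: className is attacker-controlled (MOD option), so do not trust
    # 'Calculator'; a non-identifier (slashes, dots, traversal) points at a file
    # outside the expected class directory, i.e. a .class.php inclusion attempt.
    class_name = str(body.get("className", ""))
    if class_name and not IDENT.match(class_name):
        findings.append("className_file_inclusion")

    # Same pattern carried in the params array.
    params_text = json.dumps(body.get("params", []))
    if ".class.php" in params_text or "../" in params_text:
        findings.append("params_class_php_include")
    return findings


def scan(records: List[Dict]):
    """Run analyze() over a list of records; returns (record id, findings) pairs."""
    return [(r["id"], analyze(r)) for r in records]


# Constructed sample traffic (not captured data).
SAMPLE_REQUESTS = [
    # 1. Benign call: bare method name, numeric params.
    {"id": 1, "method": "POST", "path": "/app/pajax/pajax_call_dispatcher.php",
     "body": json.dumps({"id": "7f3a", "className": "Calculator",
                         "method": "add", "params": ["1", "5"]})},
    # 2. Metasploit-shaped request: static id, statements inside 'method'.
    {"id": 2, "method": "POST", "path": "/pajax/pajax/pajax_call_dispatcher.php",
     "body": json.dumps({"id": MSF_ID, "className": "Calculator",
                         "method": "add(1,1);<PAYLOAD>;$obj->add", "params": ["1", "5"]})},
    # 3. Non-default path, fresh id, file inclusion via className.
    {"id": 3, "method": "POST", "path": "/site/lib/pajax_call_dispatcher.php",
     "body": json.dumps({"id": "x", "className": "../../../../tmp/evil.class.php",
                         "method": "add", "params": []})},
    # 4. GET to the dispatcher: out of scope for this rule.
    {"id": 4, "method": "GET", "path": "/pajax/pajax/pajax_call_dispatcher.php", "body": ""},
]

if __name__ == "__main__":
    for rid, hits in scan(SAMPLE_REQUESTS):
        print(rid, hits or "clean")
```

Request 2 fires on the static id and the eval pattern even though className is the default 'Calculator'; request 3 fires only on the className check, which is why the rule keys on path suffix and body content rather than on the default Metasploit path or module name.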