CVE-2006-0713

LinPHA 1.0 - Directory Traversal and Arbitrary File Inclusion via Lang Parameter


Exploitation Summary

EIP tracks 4 public exploits for CVE-2006-0713. PoCs published by rgod.

AI-analyzed exploit summary: The provided text describes multiple local file-inclusion and PHP code-injection vulnerabilities in LinPHA due to insecure use of 'include_once()' and insufficient input validation. It includes example URLs demonstrating the exploitation vectors but lacks actual exploit code.

Description

Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in (2) install/install.php, (3) install/sec_stage_install.php, (4) install/third_stage_install.php, and (5) install/forth_stage_install.php. NOTE: direct static code injection is resultant from this issue, as demonstrated by inserting PHP code into the username, which is inserted into linpha.log, which is accessible from the directory traversal.

Exploits (4)

exploitdb WRITEUP VERIFIED
by rgod · text · webapps · php
https://www.exploit-db.com/exploits/27194

The provided text describes multiple local file-inclusion and PHP code-injection vulnerabilities in LinPHA due to insecure use of 'include_once()' and insufficient input validation. It includes example URLs demonstrating the exploitation vectors but lacks actual exploit code.

Classification: Writeup 90%
Attack Type: Info Leak | RCE
Complexity: Trivial
Reliability: Theoretical
Target: LinPHA (version not specified)
No auth needed
Prerequisites: Access to the target web application · Ability to craft malicious URLs
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by rgod · text · webapps · php
https://www.exploit-db.com/exploits/27192

The provided text describes multiple vulnerabilities in LinPHA, including local file inclusion and PHP code injection via insecure use of 'include_once()' and insufficient input validation in log files. It outlines how an attacker can exploit these to read arbitrary files or execute PHP code in the context of the web server.

Classification: Writeup 90%
Attack Type: Info Leak | RCE
Complexity: Trivial
Reliability: Theoretical
Target: LinPHA (version not specified)
No auth needed
Prerequisites: Access to the target web application · Ability to craft malicious HTTP requests
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by rgod · text · webapps · php
https://www.exploit-db.com/exploits/27193

The exploit describes multiple local file-inclusion and PHP code-injection vulnerabilities in LinPHA due to insecure use of 'include_once()' and insufficient input validation. It provides a proof-of-concept URL to demonstrate the file-inclusion vulnerability.

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Theoretical
Target: LinPHA (version not specified)
No auth needed
Prerequisites: Access to the target application · Ability to send crafted HTTP requests
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by rgod · text · webapps · php
https://www.exploit-db.com/exploits/27195

This exploit demonstrates a local file inclusion vulnerability in LinPHA by manipulating the 'language' parameter in a POST request to traverse directories and include arbitrary files. It also highlights PHP code injection via log files due to insufficient input validation.

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: LinPHA (version not specified)
No auth needed
Prerequisites: Access to the target application's install/forth_stage_install.php endpoint
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/424729/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18808
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24663
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16592
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/426
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0535

Scores

EPSS 0.0302
EPSS Percentile 85.7%

Details

Status published
Products (6)
linpha/linpha 0.9.0
linpha/linpha 0.9.1
linpha/linpha 0.9.2
linpha/linpha 0.9.3
linpha/linpha 0.9.4
linpha/linpha 1.0
Published Feb 15, 2006
Tracked Since Feb 18, 2026