CVE-2006-1013

SMartBlog 1.2 - Remote File Inclusion via index.php pg Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1013. PoCs published by botan.

AI-analyzed exploit summary: The provided text describes a command execution vulnerability in SMBlog due to improper input sanitization. It includes a URL example demonstrating how an attacker could execute arbitrary PHP commands via the 'cmd' parameter.

Description

PHP remote file include vulnerability in index.php in SMartBlog (aka SMBlog) 1.2 allows remote attackers to include and execute arbitrary PHP files via (1) the pg parameter and (2) a query string without a parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by botan · text · webapps · php
https://www.exploit-db.com/exploits/27340


Classification
Writeup 80%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: SMBlog (version not specified)
No auth needed
Prerequisites: Access to the vulnerable SMBlog instance
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/426498/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25220
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16905

Scores

EPSS 0.0259
EPSS Percentile 83.2%

Details

Status published
Products (1)
smartblog/smartblog 1.2
Published Mar 07, 2006
Tracked Since Feb 18, 2026