CVE-2006-1832

sysinfo 1.21 - Information Disclosure via debugger Action

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1832. PoCs published by rgod.

AI-analyzed exploit summary This PHP script exploits a command injection vulnerability in sysinfo.cgi v1.21 by sending crafted HTTP requests to execute arbitrary commands. It first retrieves the document root via a debug action, then writes a PHP shell to the target, and finally executes commands through the shell.

Description

sysinfo.cgi in sysinfo 1.21 allows remote attackers to obtain the installation path via the debugger action.

Exploits (1)

exploitdb WORKING POC VERIFIED
by rgod · phpwebappscgi
https://www.exploit-db.com/exploits/1677

This PHP script exploits a command injection vulnerability in sysinfo.cgi v1.21 by sending crafted HTTP requests to execute arbitrary commands. It first retrieves the document root via a debug action, then writes a PHP shell to the target, and finally executes commands through the shell.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: sysinfo.cgi v1.21
No auth needed
Prerequisites: Target must have sysinfo.cgi v1.21 installed and accessible · Target must allow outbound HTTP connections to the attacker
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17523
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1360
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/1677
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25909
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19690

Scores

EPSS 0.0657
EPSS Percentile 93.0%

Details

Status published
Products (1)
coder-world/sysinfo 1.21
Published Apr 19, 2006
Tracked Since Feb 18, 2026