CVE-2006-2121

I-RATER Platinum - RCE

Title source: llm

Description

PHP remote file include vulnerability in admin/config_settings.tpl.php in I-RATER Platinum allows remote attackers to execute arbitrary code via a URL in the include_path parameter. NOTE: this is a different vector, and possibly a different vulnerability, than CVE-2006-1929.

Exploits (1)

exploitdb WORKING POC VERIFIED

by O.U.T.L.A.W · phpwebappsphp

https://www.exploit-db.com/exploits/27763

View Code ZIP pw:eip

References (5)

[Exploit] http://www.securityfocus.com/bid/17731

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/26203

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/432404/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/432596/100/0/threaded

[Third Party Advisory] http://securityreason.com/securityalert/824

Scores

EPSS 0.0695

EPSS Percentile 91.5%

Details

Status published

Products (1)

i-rater/i-rater_platinum

Published May 01, 2006

Tracked Since Feb 18, 2026