CVE-2006-2175

FtrainSoft Fast Click <= 2.3.8 - Remote File Inclusion via Path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2175. PoCs published by R@1D3N.

AI-analyzed exploit summary This exploit targets a Remote File Inclusion (RFI) vulnerability in Fast Click <= 2.3.8. It allows an attacker to include a remote command shell and execute arbitrary commands on the target system.

Description

PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) show.php or (2) top.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by R@1D3N · perlwebappsphp

https://www.exploit-db.com/exploits/1740

View Code ZIP pw:eip

This exploit targets a Remote File Inclusion (RFI) vulnerability in Fast Click <= 2.3.8. It allows an attacker to include a remote command shell and execute arbitrary commands on the target system.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Fast Click <= 2.3.8

No auth needed

Prerequisites: Target must have Fast Click <= 2.3.8 installed · Remote command shell must be accessible via HTTP · PHP must be configured to allow remote file inclusion

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →