CVE-2006-2747

PhpMyDesktop|arcade < 1.0_final - Directory Traversal and Arbitrary File Read via Subsite Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2747. PoCs published by darkgod.

AI-analyzed exploit summary The exploit describes a local file inclusion vulnerability in phpMyDesktop|arcade, allowing unauthorized file access and potential arbitrary code execution via uploaded images. The provided URL demonstrates the vulnerability by manipulating the 'subsite' parameter.

Description

Directory traversal vulnerability in index.php in PhpMyDesktop|arcade 1.0 FINAL allows remote attackers to read arbitrary files or execute PHP code via a .. (dot dot) sequence and trailing null (%00) byte in the subsite parameter in a showsubsite todo.

Exploits (1)

exploitdb WRITEUP VERIFIED
by darkgod · textwebappsphp
https://www.exploit-db.com/exploits/27926

The exploit describes a local file inclusion vulnerability in phpMyDesktop|arcade, allowing unauthorized file access and potential arbitrary code execution via uploaded images. The provided URL demonstrates the vulnerability by manipulating the 'subsite' parameter.

Classification
Writeup 80%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Theoretical
Target: phpMyDesktop|arcade
No auth needed
Prerequisites: Access to the target application · Ability to upload files
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20373
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1009
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/26724
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/435365/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/18185
Exploit vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016180
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2065

Scores

EPSS 0.0272
EPSS Percentile 84.3%

Details

Status published
Products (1)
fredi_bach/phpmydesktop_arcade < 1.0_final
Published Jun 01, 2006
Tracked Since Feb 18, 2026