CVE-2006-3317

phpRaid 3.0.6 - Remote File Inclusion via phpraid_dir Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3317. PoCs published by Cold Zero.

AI-analyzed exploit summary This exploit targets a Remote File Inclusion (RFI) vulnerability in phpRaid <= 3.x.x via the 'rss.php' script. It allows an attacker to include a remote command shell and execute arbitrary commands on the target system.

Description

PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) announcements.php and (2) rss.php, a different set of vectors and affected versions than CVE-2006-3316 and CVE-2006-3116.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Cold Zero · perlwebappsphp

https://www.exploit-db.com/exploits/3528

View Code ZIP pw:eip

This exploit targets a Remote File Inclusion (RFI) vulnerability in phpRaid <= 3.x.x via the 'rss.php' script. It allows an attacker to include a remote command shell and execute arbitrary commands on the target system.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: phpRaid <= 3.x.x

No auth needed

Prerequisites: Target must have phpRaid <= 3.x.x installed · Remote command shell must be accessible via HTTP · Allow_url_fopen must be enabled on the target server

MITRE ATT&CK

T1189 - Drive-by Compromise T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →