CVE-2006-3323

MF Piadas 1.0 - Remote File Inclusion via Admin Page Parameter

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-3323. PoCs published by botan.

AI-analyzed exploit summary: The provided text describes a remote file inclusion vulnerability in MF Piadas, where unsanitized user input in the 'page' parameter of admin.php allows arbitrary file inclusion. This can lead to remote code execution in the context of the webserver process.

Description

PHP remote file inclusion vulnerability in admin/admin.php in MF Piadas 1.0 allows remote attackers to execute arbitrary PHP code via the page parameter. NOTE: the same vector can be used for cross-site scripting, but CVE analysis suggests that this is resultant from file inclusion of HTML or script.

Exploits (2)

exploitdb WRITEUP VERIFIED
by botan · text · webapps · php
https://www.exploit-db.com/exploits/28117

The provided text describes a remote file inclusion vulnerability in MF Piadas, where unsanitized user input in the 'page' parameter of admin.php allows arbitrary file inclusion. This can lead to remote code execution in the context of the webserver process.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: MF Piadas (version not specified)
No auth needed
Prerequisites: Access to the vulnerable admin.php endpoint · Ability to host or reference a malicious PHP file
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by botan · text · webapps · php
https://www.exploit-db.com/exploits/28115

The provided text describes a cross-site scripting (XSS) vulnerability in MF Piadas, where user-supplied input is not properly sanitized. The vulnerability allows arbitrary script execution in the context of the affected site via a crafted URL.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: MF Piadas (version not specified)
No auth needed
Prerequisites: Access to the vulnerable application · Ability to craft a malicious URL
devstral-2 · analyzed Feb 16, 2026

References (11)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/26867
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/438496/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20847
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2567
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/18676
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27415
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/26868
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27412
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1172
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/18679

Scores

EPSS 0.0761
EPSS Percentile 93.8%

Details

Status published
Products (1)
mastersfusion/mf_piadas 1.0
Published Jun 30, 2006
Tracked Since Feb 18, 2026