CVE-2006-3475

free_qboard 1.1 - Remote File Inclusion via qb_path Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 7 public exploits for CVE-2006-3475. PoCs published by CrAsh_oVeR_rIdE.

AI-analyzed exploit summary The exploit describes a remote file inclusion vulnerability in QBoard due to improper input sanitization. An attacker can include arbitrary remote files containing malicious PHP code via the 'qb_path' parameter.

Description

Multiple PHP remote file inclusion vulnerabilities in free QBoard 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the qb_path parameter to (1) index.php, (2) about.php, (3) contact.php, (4) delete.php, (5) faq.php, (6) features.php or (7) history.php, a different set of vectors than CVE-2006-2998.

Exploits (7)

exploitdb WRITEUP VERIFIED
by CrAsh_oVeR_rIdE · textwebappsphp
https://www.exploit-db.com/exploits/28150

The exploit describes a remote file inclusion vulnerability in QBoard due to improper input sanitization. An attacker can include arbitrary remote files containing malicious PHP code via the 'qb_path' parameter.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: QBoard (version not specified)
No auth needed
Prerequisites: Remote file hosting with malicious PHP code
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by CrAsh_oVeR_rIdE · textwebappsphp
https://www.exploit-db.com/exploits/28156

The provided text describes a remote file inclusion vulnerability in Plume CMS due to improper input sanitization. It outlines the potential for arbitrary server-side script execution but lacks actual exploit code.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Plume CMS (version unspecified)
No auth needed
Prerequisites: Network access to the target · Web server with vulnerable Plume CMS installation
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by CrAsh_oVeR_rIdE · textwebappsphp
https://www.exploit-db.com/exploits/28155

The provided text describes a remote file inclusion vulnerability in Plume CMS due to improper input sanitization. It allows arbitrary server-side script execution via the 'qb_path' parameter in features.php.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Plume CMS (version not specified)
No auth needed
Prerequisites: Remote file inclusion must be enabled on the server · Attacker-controlled remote server hosting malicious script
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by CrAsh_oVeR_rIdE · textwebappsphp
https://www.exploit-db.com/exploits/28154

The provided text describes a remote file inclusion vulnerability in Plume CMS due to improper input sanitization. It lacks executable code but outlines the attack vector via the 'faq.php' script with a malicious 'qb_path' parameter.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Plume CMS (version unspecified)
No auth needed
Prerequisites: Network access to the target · PHP remote file inclusion enabled on the server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by CrAsh_oVeR_rIdE · textwebappsphp
https://www.exploit-db.com/exploits/28153

The provided text describes a remote file inclusion vulnerability in Plume CMS due to improper input sanitization. It allows arbitrary server-side script execution via a malicious URL parameter but lacks actual exploit code.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Plume CMS (version unspecified)
No auth needed
Prerequisites: Network access to the target · PHP remote file inclusion enabled on the server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by CrAsh_oVeR_rIdE · textwebappsphp
https://www.exploit-db.com/exploits/28152

The provided text describes a remote file inclusion vulnerability in Plume CMS due to improper input sanitization. It outlines the potential for arbitrary server-side script execution but lacks actual exploit code.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Plume CMS (version not specified)
No auth needed
Prerequisites: Access to a malicious remote file · Network access to the vulnerable Plume CMS instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by CrAsh_oVeR_rIdE · textwebappsphp
https://www.exploit-db.com/exploits/28151

The provided text describes a remote file inclusion vulnerability in Plume CMS due to improper input sanitization. It outlines the potential for arbitrary server-side script execution but lacks actual exploit code.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Plume CMS (version unspecified)
No auth needed
Prerequisites: Network access to the target · Ability to host malicious script on an external server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (14)

Core 14
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/18788
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/28059
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/28064
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/438951/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/28060
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/28062
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27040
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/28065
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/28063
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/453293/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1233
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016433
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21394
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/28061

Scores

EPSS 0.0802
EPSS Percentile 94.0%

Details

Status published
Products (1)
free_qboard/free_qboard 1.1
Published Jul 10, 2006
Tracked Since Feb 18, 2026